Il mio avg mi rileva sei infezioni(troyan) che non riesce ad eliminare. Posto il log per una verifica. Grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.07.28, on 12/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\TurboV\TurboV.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV] C:\Programmi\ASUS\TurboV\TurboV.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe" -b
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EPSON Stylus Photo RX585 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLE.EXE /FU "C:\WINDOWS\TEMP\E_SC6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8361 bytes

in attesa che arrivi una delle persone da te citate ti consiglio questa scansione,li aiutera' quando entreranno:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
se trova infezioni posta il log che ti rilascera'.
sarebbe utile conoscere anche il nome ed il percorso delle infezioni che il tuo antivirus ti trova,tra l altro c è una voce nel log che dice che gli manca qualcosa...

ciao pidue,volevo fare trovare qualche informazione aggiuntiva quando entravate...comunque vedo che non ci discostiamo dalla linea di azione,mi fa certamente piacere.

Ecco il log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/07/2010 13.35.54
mbam-log-2010-07-12 (13-35-54).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 156355
Tempo trascorso: 15 minuti, 57 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000020040000} (Trojan.Dialer) -> No action taken.

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Documents and Settings\Salvatore\Impostazioni locali\Temp\update.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Salvatore\Dati applicazioni\Microsoft\a1.7z (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Salvatore\Dati applicazioni\Microsoft\n (Malware.Traces) -> No action taken.

Eccomi amici: come mi hai consigliato Paolopa; ho eliminato ciò che ha trovato malwarebytes e scaricato combofix come da te richiesto. Ho eseguito tutto alla lettera: ecco il report


ComboFix 10-07-11.03 - Salvatore 12/07/2010 14.22.58.2.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2620 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvatore\Desktop\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-06-12 al 2010-07-12 )))))))))))))))))))))))))))))))))))
.

2010-07-12 06:06 . 2010-07-12 06:06 388096 ----a-r- c:\documents and settings\Salvatore\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 06:06 . 2010-07-12 06:06 -------- d-----w- c:\programmi\Trend Micro
2010-07-12 05:36 . 2010-07-12 05:36 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 05:35 . 2010-07-12 05:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-12 05:35 . 2010-07-12 05:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 16:14 . 2010-07-11 16:14 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-07-11 09:18 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Cyberlink
2010-07-11 09:08 . 2010-07-11 09:24 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-07-11 08:51 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\CyberLink
2010-07-11 08:51 . 2010-07-11 16:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-07-11 08:49 . 2010-07-11 16:21 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-07-11 08:49 . 2010-07-11 16:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Temp
2010-07-11 07:57 . 2010-07-11 07:57 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\dvdcss
2010-07-10 17:31 . 2010-07-10 17:31 -------- d-----w- c:\programmi\PowerQuest
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\Riva
2010-06-12 14:32 . 2010-06-12 14:32 -------- d-----w- c:\documents and settings\Salvatore\LocalLow
2010-06-12 14:32 . 2010-06-12 14:32 -------- d-----w- c:\programmi\TVUPlayer
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\TVU Networks
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\LocalLow
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\windows\system32\TVUAx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 12:26 . 2010-02-27 13:54 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-12 12:26 . 2010-02-27 13:53 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-12 11:21 . 2001-08-31 12:00 80490 ----a-w- c:\windows\system32\perfc010.dat
2010-07-12 11:21 . 2001-08-31 12:00 482036 ----a-w- c:\windows\system32\perfh010.dat
2010-07-12 05:27 . 2010-03-02 09:22 -------- d-----w- c:\programmi\uTorrent
2010-07-11 16:22 . 2010-02-24 20:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-11 16:14 . 2010-01-12 05:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 16:14 . 2010-01-12 05:48 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-11 15:23 . 2010-03-02 09:20 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\uTorrent
2010-07-11 07:58 . 2010-02-27 17:21 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\vlc
2010-06-26 16:50 . 2010-02-27 14:14 -------- d-----w- c:\programmi\CCleaner
2010-06-21 23:27 . 2010-02-27 14:10 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Skype
2010-06-21 23:26 . 2010-02-27 14:11 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\skypePM
2010-06-10 21:57 . 2010-02-27 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-04 14:01 . 2010-03-06 17:00 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-26 04:43 . 2010-05-26 04:43 503808 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcp71.dll
2010-05-26 04:43 . 2010-05-26 04:43 499712 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\jmc.dll
2010-05-26 04:43 . 2010-05-26 04:43 348160 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcr71.dll
2010-05-26 04:43 . 2010-05-26 04:43 61440 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-sse.dll
2010-05-26 04:43 . 2010-05-26 04:43 12800 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-d3d.dll
2010-05-06 10:32 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2008-04-13 16:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-24 17:56 . 2010-04-24 13:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-20 05:30 . 2008-04-13 17:11 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 21:48 . 2010-04-16 21:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-12_12.10.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 12:26 . 2010-07-12 12:26 16384 c:\windows\Temp\Perflib_Perfdata_578.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Google Update"="c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]
"TurboV"="c:\programmi\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"Ai Nap"="c:\programmi\ASUS\AI Suite\AiNap\AiNap.exe" [2009-05-25 1431040]
"QFan Help"="c:\programmi\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"Cpu Level Up help"="c:\programmi\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2009-05-25 6017024]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AsSysCtrlService;ASUS System Control Service;c:\programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [24/02/2010 22.34.46 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [18/02/2009 16.31.56 294912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24/02/2010 22.19.18 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003Core.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003UA.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 14:27
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(5516)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-12 14:28:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-12 12:28

Pre-Run: 197.592.059.904 byte disponibili
Post-Run: 197.594.615.808 byte disponibili

- - End Of File - - F2D6A6C1EE78C7B963459BA3E5A7D3BB

eccomi Paolopa...fatto tutto ti posto il log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.17.27, on 12/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ASUS\TurboV\TurboV.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\AVG\AVG9\avgtray.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [TurboV] C:\Programmi\ASUS\TurboV\TurboV.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Six Engine] "C:\Programmi\ASUS\EPU-6 Engine\SixEngine.exe" -b
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7540 bytes

Ok allora aspetto r16 o pidue per consigli. Grazie cmq Paolopa

Ecco il report r16:


ComboFix 10-07-11.03 - Salvatore 12/07/2010 17.15.41.3.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3062.2636 [GMT 2:00]
Eseguito da: c:\documents and settings\Salvatore\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Salvatore\Desktop\CFScript.txt

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\windows\system32\drivers\logiflt.iad"
"c:\windows\system32\drivers\lvuvc.hs"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Creati Da 2010-06-12 al 2010-07-12 )))))))))))))))))))))))))))))))))))
.

2010-07-12 13:55 . 2010-07-12 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-07-12 06:06 . 2010-07-12 06:06 388096 ----a-r- c:\documents and settings\Salvatore\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-12 06:06 . 2010-07-12 06:06 -------- d-----w- c:\programmi\Trend Micro
2010-07-12 05:36 . 2010-07-12 05:36 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 05:35 . 2010-07-12 05:36 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-12 05:35 . 2010-07-12 05:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-12 05:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-11 16:14 . 2010-07-11 16:14 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-07-11 09:18 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Cyberlink
2010-07-11 09:08 . 2010-07-11 09:24 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-07-11 08:51 . 2010-07-11 15:32 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\CyberLink
2010-07-11 08:51 . 2010-07-11 16:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-07-11 08:49 . 2010-07-11 16:21 53319 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-07-11 08:49 . 2010-07-11 16:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Temp
2010-07-11 07:57 . 2010-07-11 07:57 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\dvdcss
2010-07-10 17:31 . 2010-07-10 17:31 -------- d-----w- c:\programmi\PowerQuest
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\File comuni\SWF Studio
2010-06-27 07:43 . 2010-06-27 07:43 -------- d-----w- c:\programmi\Riva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 15:17 . 2001-08-31 12:00 80490 ----a-w- c:\windows\system32\perfc010.dat
2010-07-12 15:17 . 2001-08-31 12:00 482036 ----a-w- c:\windows\system32\perfh010.dat
2010-07-12 05:27 . 2010-03-02 09:22 -------- d-----w- c:\programmi\uTorrent
2010-07-11 16:22 . 2010-02-24 20:18 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-11 16:14 . 2010-01-12 05:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 16:14 . 2010-01-12 05:48 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-11 15:23 . 2010-03-02 09:20 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\uTorrent
2010-07-11 07:58 . 2010-02-27 17:21 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\vlc
2010-06-26 16:50 . 2010-02-27 14:14 -------- d-----w- c:\programmi\CCleaner
2010-06-21 23:27 . 2010-02-27 14:10 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\Skype
2010-06-21 23:26 . 2010-02-27 14:11 -------- d-----w- c:\documents and settings\Salvatore\Dati applicazioni\skypePM
2010-06-12 14:32 . 2010-06-12 14:32 -------- d-----w- c:\programmi\TVUPlayer
2010-06-12 14:26 . 2010-06-12 14:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2010-06-10 21:57 . 2010-02-27 14:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-06-04 14:01 . 2010-03-06 17:00 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-05-26 04:43 . 2010-05-26 04:43 503808 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcp71.dll
2010-05-26 04:43 . 2010-05-26 04:43 499712 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\jmc.dll
2010-05-26 04:43 . 2010-05-26 04:43 348160 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-20e04cf5-n\msvcr71.dll
2010-05-26 04:43 . 2010-05-26 04:43 61440 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-sse.dll
2010-05-26 04:43 . 2010-05-26 04:43 12800 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-66d94a9f-n\decora-d3d.dll
2010-05-06 10:32 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:06 . 2008-04-13 16:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-25 10:04 . 2010-04-24 13:37 47360 ----a-w- c:\documents and settings\Salvatore\Dati applicazioni\pcouffin.sys
2010-04-24 17:56 . 2010-04-24 13:37 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-04-20 05:30 . 2008-04-13 17:11 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 21:48 . 2010-04-16 21:48 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-12_12.10.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-12 15:19 . 2010-07-12 15:19 16384 c:\windows\temp\Perflib_Perfdata_568.dat
+ 2001-08-31 12:00 . 2010-07-12 15:17 68292 c:\windows\system32\perfc009.dat
- 2001-08-31 12:00 . 2010-07-12 11:21 68292 c:\windows\system32\perfc009.dat
+ 2010-07-12 15:19 . 2009-10-07 00:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2010-07-12 12:09 . 2010-07-12 12:10 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2001-08-31 12:00 . 2010-07-12 15:17 435396 c:\windows\system32\perfh009.dat
- 2001-08-31 12:00 . 2010-07-12 11:21 435396 c:\windows\system32\perfh009.dat
+ 2009-03-10 21:18 . 2009-06-25 11:20 1485176 c:\windows\system32\LegitCheckControl.DLL
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Google Update"="c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2010-04-10 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-03 17567744]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-03-09 36864]
"TurboV"="c:\programmi\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"Ai Nap"="c:\programmi\ASUS\AI Suite\AiNap\AiNap.exe" [2009-05-25 1431040]
"QFan Help"="c:\programmi\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-04-30 598528]
"Cpu Level Up help"="c:\programmi\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Six Engine"="c:\programmi\ASUS\EPU-6 Engine\SixEngine.exe" [2009-05-25 6017024]
"nwiz"="c:\programmi\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programmi\\SopCast\\SopCast.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R2 AsSysCtrlService;ASUS System Control Service;c:\programmi\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [24/02/2010 22.34.46 90112]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [18/02/2009 16.31.56 294912]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24/02/2010 22.19.18 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003Core.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-839522115-1801674531-1003UA.job
- c:\documents and settings\Salvatore\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-04-10 05:33]

2010-07-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 17:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(548)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2010-07-12 17:21:48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-07-12 15:21
ComboFix2.txt 2010-07-12 12:28

Pre-Run: 196.887.019.520 byte disponibili
Post-Run: 197.093.576.704 byte disponibili

- - End Of File - - 64EBDE62619026B6CD4929A50CB22001

grazie...tutto a posto