Good morning forum,
I'm here to ask the more experienced members for help! :-)
I had the problem of internet being redirected to advertising sites... I read posts from users with the same problem as mine and set about scanning the PC following the experts' instructions.
Now it seems to be resolved... but I'd like some help checking the MBM and ComboFix logs, which I'm posting below:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Versione database: 5709
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
08/02/2011 9.55.02
mbam-log-2011-02-08 (09-55-02).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 218420
Tempo trascorso: 29 minuti, 46 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 2
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
d:\system volume information\_restore{d85b8321-76a9-4a37-a14a-e78a55dfc808}\RP115\A0087638.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\system volume information\_restore{d85b8321-76a9-4a37-a14a-e78a55dfc808}\RP117\A0087989.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
ComboFix 11-02-07.01 - Roby 08/02/2011 10.23.02.1.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.693 [GMT 1:00]
Eseguito da: c:\documents and settings\Roby\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Uninstall.ini
.
((((((((((((((((((((((((( Files Creati Da 2011-01-08 al 2011-02-08 )))))))))))))))))))))))))))))))))))
.
2011-05-23 09:11 . 2011-05-23 09:11 -------- d-----w- C:\FOUND.001
2011-02-08 08:22 . 2011-02-08 08:22 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\Malwarebytes
2011-02-08 08:21 . 2011-02-08 08:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2011-02-07 19:04 . 2011-02-07 19:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-02-07 19:04 . 2011-02-07 19:04 -------- d-----w- c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\Sunbelt Software
2011-02-07 11:14 . 2011-02-07 11:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2011-02-07 11:14 . 2011-02-07 11:14 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2011-02-07 10:21 . 2011-02-07 10:20 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-07 10:11 . 2011-02-07 10:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 18:14 . 2011-01-01 18:14 4096 ----a-w- c:\windows\system32\drivers\nocashio.sys
2010-12-11 19:40 . 2010-09-19 13:34 98304 ----a-w- c:\windows\DUMP7762.tmp
2010-12-10 08:10 . 2010-09-19 13:34 98304 ----a-w- c:\windows\DUMP754f.tmp
2010-11-21 10:13 . 2010-09-19 13:34 98304 ----a-w- c:\windows\DUMP77fe.tmp
2010-11-12 17:53 . 2010-09-19 20:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 15:34 . 2010-09-19 20:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 77824]
"KTPWare"="c:\programmi\Elantech\ktp.exe" [2005-01-29 253952]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"BkupTray"="c:\programmi\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-23 34040]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2005-04-28 544768]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 200704]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2010-10-31 274608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Programmi\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Programmi\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"4685:TCP"= 4685:TCP:Services
"7870:TCP"= 7870:TCP:Services
"9383:TCP"= 9383:TCP:Services
"9384:TCP"= 9384:TCP:Services
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06/11/2010 14.33.40 691696]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\programmi\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [19/09/2010 17.17.05 16384]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\programmi\Nitro PDF\Professional\NitroPDFDriverService.exe [24/06/2010 13.14.08 196928]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\programmi\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [19/09/2010 17.17.04 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\programmi\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [19/09/2010 17.17.05 131072]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\ADMINI~1\IMPOST~1\Temp\ATICDSDr.sys --> c:\docume~1\ADMINI~1\IMPOST~1\Temp\ATICDSDr.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [24/09/2010 15.36.50 114432]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24/09/2010 15.36.50 100736]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 12:43 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
2013-01-28 c:\windows\Tasks\User_Feed_Synchronization-{DA9FBC04-0B3D-4D25-9D97-4A369BF4B4C0}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
2011-02-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2414684498-3551868020-3392050009-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]
2011-02-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2414684498-3551868020-3392050009-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-10-20 17:32]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://libero.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-02-08 10:26
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2011-02-08 10:28:17
ComboFix-quarantined-files.txt 2011-02-08 09:28
Pre-Run: 15.400.697.856 byte disponibili
Post-Run: 16.043.573.248 byte disponibili
- - End Of File - - 4ABEC8D50983B91C27D3768761F009CC
Can anyone tell me whether everything is fine or whether there are any further actions to take?
Thanks in advance for the replies!
Regards