
Rogue.residue
r16
Posted: Wednesday, May 20, 2009 2:55:32 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Besides removing the entries the Boss recommended, remove this one as well:
O4 - HKCU\..\Run: [mskuw] "c:\users\administrator\appdata\local\mskuw.exe" mskuw
Then find and delete the files in red:
c:\users\administrator\appdata\local\mskuw.exe
Run a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Reboot the computer.
paolo6667
Posted: Wednesday, May 20, 2009 6:39:08 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
Hi, I removed the O23 entry, the one the boss mentioned, but I could not find this O4 in the log any more. Even so I ran the Malwarebytes scan again and got the usual ROGUE.RESIDUE. I'm sending you the new log for another check:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.37.45, on 20/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Administrator\AppData\Local\kcewq.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [kcewq] "c:\users\administrator\appdata\local\kcewq.exe" kcewq
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Point&&Go - C:\Program Files\Common Files\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - (no file)
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1237996263375&h=e47434c012c4e65681298be2cfe0c364/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Google Update Service (gupdate1c9d3b6879760c6) (gupdate1c9d3b6879760c6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7578 bytes
When one of you experts has time, please take a look. THANKS
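Added example, not code from the thread, from HijackThis or from any of the posters: a small Python triage pass over the registry-backed O4 lines of the log above, applying the checks r16 made by eye when he singled out the [mskuw] entry. The sample input is constructed from this thread's own O4 lines (the earlier mskuw entry is included next to kcewq). The three criteria (executable lives in a user-writable profile directory, short lowercase name reused as the Run value name, the name passed back as the sole argument) are a heuristic chosen from the two entries seen here, not a HijackThis rule, so treat a hit as "look closer", not as proof.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: registry-backed O4 lines copied from the HijackThis
# log posted in this thread, plus the earlier mskuw entry r16 flagged. The
# final Startup-folder line is there to show it is deliberately skipped.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [kcewq] "c:\users\administrator\appdata\local\kcewq.exe" kcewq
O4 - HKCU\..\Run: [mskuw] "c:\users\administrator\appdata\local\mskuw.exe" mskuw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"  (hive may carry a SID, e.g. HKUS\S-1-5-19)
O4_RUN = re.compile(r'^O4 - (?P<hive>HK[^\[]+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
USER_ANNOTATION = re.compile(r"\s*\(User '[^']*'\)\s*$")       # trailing "(User '...')" on HKUS lines
QUOTED = re.compile(r'^"(?P<path>[^"]+)"\s*(?P<args>.*)$')
UNQUOTED_EXE = re.compile(r'^(?P<path>.*?\.exe)\s*(?P<args>.*)$', re.IGNORECASE)
# Heuristic: directories a non-admin installer-less dropper can write to.
USER_WRITABLE = ('\\appdata\\local\\', '\\appdata\\roaming\\', '\\temp\\')


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    args: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return bool(self.reasons)


def split_command(cmd):
    """Split an O4 command string into (executable path, arguments).
    Handles quoted paths and unquoted paths containing spaces."""
    cmd = USER_ANNOTATION.sub('', cmd.strip())
    m = QUOTED.match(cmd) or UNQUOTED_EXE.match(cmd)
    if not m:
        return cmd, ''
    return m.group('path'), m.group('args').strip()


def triage_o4(text):
    """Parse registry-backed O4 lines and record why each one resembles the
    Navipromo-style autorun entries seen in this thread."""
    findings = []
    for line in text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder and other O4 shapes are out of scope here
        path, args = split_command(m.group('cmd'))
        f = Finding(m.group('hive'), m.group('name'), path, args)
        low = path.lower()
        if any(tag in low for tag in USER_WRITABLE):
            f.reasons.append('runs from a user-writable profile directory')
            stem = low.rsplit('\\', 1)[-1]
            stem = stem[:-4] if stem.endswith('.exe') else stem
            if re.fullmatch(r'[a-z]{4,6}', stem) and stem == f.name.lower():
                f.reasons.append('short random-looking file name reused as the Run value name')
            if args.lower() == f.name.lower():
                f.reasons.append('passes its own name as the only argument')
        findings.append(f)
    return findings


def flagged_names(text):
    """Value names of the entries worth a closer look, in log order."""
    return [f.name for f in triage_o4(text) if f.suspicious]


if __name__ == '__main__':
    for f in triage_o4(SAMPLE_O4_LINES):
        mark = 'SUSPECT' if f.suspicious else 'ok     '
        print(f'{mark} [{f.hive}] {f.name}: {f.path}  {"; ".join(f.reasons)}')
```

Running it on the sample lists kcewq and mskuw with all three reasons and leaves the Sidebar, Kaspersky, NVIDIA and DAEMON Tools entries alone. The first criterion does most of the work: legitimate autoruns on this machine all live under Program Files or system32, while both infections here ran from AppData\Local, which any process in the user's session can write to.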
r16
Posted: Wednesday, May 20, 2009 6:47:23 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Great... it has been replaced by another one.
Important: disable your antivirus and close ALL open programs (firewall included), and after you have downloaded COMBOFIX, disconnect from the internet.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a window will appear).
If you are asked whether you want to install the RECOVERY CONSOLE, click NO.
Your antivirus will probably send you alerts; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it is done, a log file called C:\ComboFix.txt will be created on the Desktop. Post it here.

Uninstall combofix like this (after I have looked at the log):
Start
Run
in the dialog box, copy and paste this command: Combofix /u and press Enter, then delete combofix's folders on "C" (qoobox)

Then post a new HJT log.
shapiro
Posted: Wednesday, May 20, 2009 6:47:43 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Hi

You still have navipromo

Download http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe and install it.
Reboot the computer in safe mode: when the PC starts, before Windows begins loading, press F8 repeatedly. The Windows Advanced Options menu will appear
=> choose safe mode (use the arrow key ^).

Run Navilog1 and choose option 4, enter the name kcewq and confirm it by typing it again when asked.

(WARNING: both times you type it you must not misspell the name, otherwise you will have to repeat the whole procedure because no file will be deleted.)
At that point it will clean the infected files off the PC.
When it finishes, reboot the PC in normal mode

From normal mode, empty C:\WINDOWS\Prefetch

Clean up temporary files and cookies with CCleaner (run it twice).

http://www.filehippo.com/download_ccleaner/
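Added example, not Navilog1's code and not anything posted in the thread: Python that performs, for a name such as kcewq, the name-driven removal shapiro describes for Navilog1 option 4. The artifact list is taken from the files ComboFix reports deleting for kcewq later in this thread (<name>.exe, <name>.dat, <name>_nav.dat and <name>_navps.dat under AppData\Local, plus inst.exe under AppData\Roaming). The profile layout, the build_sample_profile helper and the throwaway temporary directory are constructed so the demo runs anywhere without touching a real profile; remove_run_value is the registry half and only acts on Windows, where the Python standard library's winreg module exists.

```python
import os
import sys
import tempfile

# File set taken from the ComboFix "other deletions" list for kcewq:
# <name>.exe, <name>.dat, <name>_nav.dat, <name>_navps.dat in AppData\Local
# and the dropper inst.exe in AppData\Roaming. Other names are an assumption.
LOCAL_SUFFIXES = ('.exe', '.dat', '_nav.dat', '_navps.dat')
ROAMING_DROPPER = 'inst.exe'
RUN_KEY = r'Software\Microsoft\Windows\CurrentVersion\Run'


def navipromo_artifacts(name, local_appdata, roaming_appdata):
    """Expected on-disk artifacts for a Navipromo install registered as `name`."""
    paths = [os.path.join(local_appdata, name + suffix) for suffix in LOCAL_SUFFIXES]
    paths.append(os.path.join(roaming_appdata, ROAMING_DROPPER))
    return paths


def remove_artifacts(name, local_appdata, roaming_appdata, dry_run=False):
    """Delete whichever artifacts exist. Returns (removed, missing) path lists;
    with dry_run=True nothing is touched and `removed` is just the plan."""
    removed, missing = [], []
    for path in navipromo_artifacts(name, local_appdata, roaming_appdata):
        if os.path.isfile(path):
            if not dry_run:
                os.remove(path)
            removed.append(path)
        else:
            missing.append(path)
    return removed, missing


def remove_run_value(name):
    """Delete the HKCU\\...\\Run value that launched <name>.exe (Windows only).
    Returns True if a value was deleted, False if absent or not on Windows."""
    if sys.platform != 'win32':
        return False
    import winreg  # standard library on Windows builds of Python
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY, 0, winreg.KEY_SET_VALUE) as key:
        try:
            winreg.DeleteValue(key, name)
            return True
        except FileNotFoundError:
            return False


def build_sample_profile(root, name):
    """Constructed stand-in for the infected profile (assumption: same layout as
    c:\\users\\Administrator\\AppData in the log). Files hold placeholder bytes."""
    local = os.path.join(root, 'AppData', 'Local')
    roaming = os.path.join(root, 'AppData', 'Roaming')
    os.makedirs(local)
    os.makedirs(roaming)
    for path in navipromo_artifacts(name, local, roaming):
        with open(path, 'wb') as fh:
            fh.write(b'MZ')
    # An unrelated file from the same directory in the log; it must survive.
    with open(os.path.join(local, 'GDIPFONTCACHEV1.DAT'), 'wb') as fh:
        fh.write(b'\0')
    return local, roaming


def demo(name='kcewq'):
    """Dry run, then real removal, against a throwaway profile; report the outcome."""
    with tempfile.TemporaryDirectory() as root:
        local, roaming = build_sample_profile(root, name)
        planned, _ = remove_artifacts(name, local, roaming, dry_run=True)
        removed, missing = remove_artifacts(name, local, roaming)
        leftover = sorted(os.listdir(local)) + sorted(os.listdir(roaming))
    return {
        'planned': len(planned),
        'removed': [os.path.basename(p) for p in removed],
        'missing': len(missing),
        'leftover': leftover,
    }


if __name__ == '__main__':
    print(demo('kcewq'))
```

The dry run exists for the same reason shapiro warns about typing the name twice: a name-driven cleaner that is fed the wrong name silently deletes nothing, so list the plan first and check it matches the files you saw in the log. Doing the real pass from safe mode matters too: Windows will not delete an executable whose image is mapped into a running process, and the HKCU Run entries that start kcewq.exe are not processed in safe mode, so the file is not locked there.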


paolo6667
Posted: Wednesday, May 20, 2009 7:04:16 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
Sorry, but what does "you still have navipromo" mean??
shapiro
Posted: Wednesday, May 20, 2009 7:34:58 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
It means you still have an infection like the previous one, from the navipromo virus
paolo6667
Posted: Wednesday, May 20, 2009 7:36:23 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
ComboFix 09-05-19.08 - Administrator 20/05/2009 19.24.26.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.39.1040.18.3326.2292 [GMT 2:00]
Run from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* New restore point created
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ADMINI~1\AppData\Local\kcewq.dat
c:\users\ADMINI~1\AppData\Local\kcewq.exe
c:\users\ADMINI~1\AppData\Local\kcewq_nav.dat
c:\users\ADMINI~1\AppData\Local\kcewq_navps.dat
c:\users\ADMINI~1\AppData\Roaming\inst.exe
c:\users\Administrator\AppData\Local\kcewq.dat
c:\users\Administrator\AppData\Local\kcewq.exe
c:\users\Administrator\AppData\Local\kcewq_nav.dat
c:\users\Administrator\AppData\Local\kcewq_navps.dat
c:\users\Administrator\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created From 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))))))
.

2009-05-18 07:58 . 2009-05-18 07:58 -------- d-----w c:\program files\Trend Micro
2009-05-14 15:11 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-14 15:11 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 15:11 . 2009-05-14 15:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 16:31 . 2009-05-20 16:51 -------- d-----w c:\users\Administrator\Tracing
2009-05-02 14:07 . 2009-05-02 14:07 -------- d-----w c:\program files\SimBin
2009-04-30 10:36 . 2009-04-30 10:36 -------- d-----w c:\program files\GUT(x eliminare the sims 2 -collector)
2009-04-30 10:05 . 2009-04-30 10:33 -------- d-----w c:\program files\THE SIMS 2 - COLLECTOR
2009-04-30 09:29 . 2009-04-30 09:29 -------- d-----w c:\users\Administrator\{9956cf00-cd09-44e7-8e5e-20ba7d1ab8ab}
2009-04-30 08:52 . 1998-06-17 16:08 57344 ----a-w c:\windows\system32\Mfc42loc.dll
2009-04-30 08:52 . 2004-04-23 12:23 2506752 ----a-w c:\windows\system32\LWCtPl.dll
2009-04-30 08:52 . 2004-04-14 09:08 21280 ----a-w c:\windows\system32\drivers\WmFilter.sys
2009-04-30 08:52 . 2000-11-28 09:35 27388 ----a-w c:\windows\system32\drivers\ihidfilt.sys
2009-04-30 08:52 . 2004-04-23 12:26 17344 ----a-w c:\windows\system32\drivers\LHidHi.sys
2009-04-30 08:52 . 2004-04-23 12:26 10432 ----a-w c:\windows\system32\drivers\LUsbSys.sys
2009-04-30 08:52 . 2004-04-23 12:26 13888 ----a-w c:\windows\system32\drivers\LHidLo.sys
2009-04-30 08:52 . 2004-04-23 12:25 86016 ----a-w c:\windows\system32\W9xDAPI.dll
2009-04-30 08:52 . 2004-04-23 12:24 356352 ----a-w c:\windows\system32\WMWizard.dll
2009-04-30 08:52 . 2004-04-23 12:24 61440 ----a-w c:\windows\system32\W9XdInst.dll
2009-04-30 08:52 . 2004-04-14 08:54 163840 ----a-w c:\windows\system32\WmJoyFrc.dll
2009-04-30 08:52 . 2004-04-23 12:26 33216 ----a-w c:\windows\system32\LFLoad.sys
2009-04-28 07:19 . 2009-04-28 07:19 -------- d-----w c:\program files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 17:27 . 2009-02-12 20:16 761888 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-20 17:27 . 2009-02-12 20:16 6680608 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-20 17:27 . 2009-02-12 20:16 5780 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-20 17:27 . 2009-02-12 20:16 55368 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-20 15:53 . 2009-01-19 15:22 96 ----a-w c:\users\Administrator\AppData\Local\kkkso.bat
2009-05-20 15:53 . 2009-01-19 15:22 96 ----a-w c:\users\ADMINI~1\AppData\Local\kkkso.bat
2009-05-20 14:27 . 2009-02-12 20:16 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-20 14:27 . 2009-02-12 20:16 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-16 20:19 . 2006-11-06 01:51 662608 ----a-w c:\windows\system32\perfh010.dat
2009-05-16 20:19 . 2006-11-06 01:51 120120 ----a-w c:\windows\system32\perfc010.dat
2009-05-13 12:50 . 2008-11-23 20:38 -------- d-----w c:\program files\Google
2009-05-13 12:07 . 2008-11-22 10:44 131624 ----a-w c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-13 12:07 . 2008-11-22 10:44 131624 ----a-w c:\users\ADMINI~1\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-13 06:19 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-30 09:21 . 2008-11-24 18:53 -------- d-----w c:\program files\Logitech
2009-04-30 09:21 . 2008-11-22 13:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 08:52 . 2008-11-24 18:53 -------- d-----w c:\program files\Common Files\Logitech
2009-04-29 06:32 . 2008-11-22 15:42 -------- d-----w c:\program files\Microsoft Works
2009-04-28 07:13 . 2009-01-03 09:30 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-25 17:17 . 2009-04-08 19:38 608 ----a-w c:\windows\eReg.dat
2009-04-24 17:00 . 2008-11-22 16:17 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-19 09:50 . 2009-04-19 09:50 -------- d-----w c:\program files\eMule
2009-04-18 09:37 . 2009-04-18 09:37 -------- d-----w c:\program files\CCleaner
2009-03-25 15:50 . 2009-02-28 16:36 -------- d-----w c:\program files\Java
2009-03-22 10:16 . 2009-03-22 10:16 -------- d-----w c:\program files\VS Revo Group
2009-03-17 03:38 . 2009-04-15 06:13 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 06:13 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 04:19 . 2009-02-28 16:36 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-03-21 15:35 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-21 15:35 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-21 15:36 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-21 15:35 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-21 15:35 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-21 15:35 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-21 15:35 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-21 15:35 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-21 15:35 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-21 15:35 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-21 15:36 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-21 15:35 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-21 15:35 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-21 15:35 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-21 15:36 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-21 15:36 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-21 15:35 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-21 15:36 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-15 06:13 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 06:13 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 06:13 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 06:13 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 06:13 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 06:13 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 06:13 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 06:13 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 06:13 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 06:13 17408 ----a-w c:\windows\system32\iashost.exe
2008-11-22 11:35 . 2006-11-02 12:49 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-11 206088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-08-12 6265376]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-7 692224]

c:\users\ADMINI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0FF63A33-267F-4D9A-A37A-A24D663CEDB0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4AE48E27-C5C5-4243-A6EA-B19184A9430D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6CF48FD7-97FF-41C6-A203-D3173429E8AE}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5D89B7E3-4C84-4849-939C-8E29AB447050}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1771F8A4-11BD-47E0-807D-C8DB6DC68077}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{35417CC1-6C23-4621-9742-1994CAC3BD42}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{D357915E-E980-41A3-89B4-7DFD349F952D}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{91D4A2BF-5099-4A76-B097-6DB2FE345534}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{CDF2D4FF-17A6-4222-8D75-5A0CD65DE619}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{5E7A51D4-1629-42AE-8732-05E4908A9544}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{B1E54B4F-2DC3-4C04-AAFF-4E229D11EFBE}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
"TCP Query User{C4D71BF1-AC6B-423A-9622-B7E6EECB31D4}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{DD3A48DA-5943-4718-AE38-EAE8F0675F7F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{B2956E72-6932-4CCA-B938-36AB3669ED70}c:\\program files\\sega\\iron man\\ironman.exe"= UDP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine
"UDP Query User{7176104F-F981-4D34-9101-6A162D4E00B1}c:\\program files\\sega\\iron man\\ironman.exe"= TCP:c:\program files\sega\iron man\ironman.exe:A2M Game Engine
"TCP Query User{871948A0-808B-4857-AF4B-81FA3521CBBE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{7DAF3094-A1DE-4426-B0DF-D800917E5D9A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{AF508883-5961-45BF-84F0-C331ADEBD840}"= UDP:6823:emule
"{A1BE8321-3923-4CF4-9C05-9D49FB6C7E3B}"= TCP:6795:emule
"{B04FDDA4-165B-4189-AEF2-FBABB3C84D45}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{93C57012-425A-414A-8726-6FE7AA129DD1}c:\\users\\administrator\\desktop\\skype.exe"= UDP:c:\users\administrator\desktop\skype.exe:skype.exe
"UDP Query User{18EEF0F2-1301-422F-99A1-89B01736751C}c:\\users\\administrator\\desktop\\skype.exe"= TCP:c:\users\administrator\desktop\skype.exe:skype.exe
"TCP Query User{319AE597-E256-4157-A99A-04A5F46C3878}c:\\program files\\pinnacle\\studio 12\\programs\\studio.exe"= UDP:c:\program files\pinnacle\studio 12\programs\studio.exe:Studio program file
"UDP Query User{E462BAF6-CC27-426E-9ADA-DD12170AD541}c:\\program files\\pinnacle\\studio 12\\programs\\studio.exe"= TCP:c:\program files\pinnacle\studio 12\programs\studio.exe:Studio program file
"{A3B4D043-4CC1-45A1-AE1E-DD424D09CF09}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{30A75A93-46F9-4A4F-97FE-BC67D36004DB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{0F8AD4CB-3C10-47C5-ABB8-EC3BDBB62128}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4F8C0703-6488-4DA5-9D97-3E84943D51E2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7781D5EE-6A71-4041-85DE-457A149795BA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{694DCF6E-BA3A-43C3-86B9-5C54EFC1916B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{97AFD15F-D00E-489F-9CDB-E8BC0755B1F0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F5B74507-CF39-4947-8CC5-53816878BC3E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FAF1E11E-55EC-4150-8498-F45027F2B985}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{68FE31EF-5D2C-4A18-A847-9583AAFBCA62}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{445AB94D-0DE8-4AF0-B85A-7AA7A9745420}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{09E59E11-7078-4EE0-B3FF-153C86176B63}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{92CB4DD6-5281-4ABF-83E4-C2605FBB6903}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4E496BAF-9FBF-4BDA-8B7D-6B8BBB63B1B3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4E36CCF3-2D08-4003-8AEA-E27EEB4D2395}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C9940C17-BD07-4ED4-8529-CAFA7098677B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C1ADF28B-202D-47C7-A41F-E3661C2AF900}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4BB018AB-CAA2-4D78-9751-3240D67DE0A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1B7AB81D-BFF7-41FD-BCB6-AB44715FEAFF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E35ED1C1-74D4-48CF-AF17-588AE11A428A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E9D1D537-A70A-41F5-9BA5-E41EF2463ED1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CB2BBC1A-F757-4EAE-8CD1-C9640E3C874F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{31E7E0EE-5C5B-425A-86CC-B5F422F47CD7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{68F5DEB8-35F2-458E-9986-7014BBD4437B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{654803B2-44A1-466C-A59C-08492EA6CDB1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0AC146BD-592C-4D95-9CA7-C027F3043D5E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1110F523-211F-4C3D-8025-AF5EF0D0005E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A7F18CB8-C4ED-4CAF-8C0A-64BB1D3E6CA5}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{58764C3D-1D8F-4BFD-900D-65C559C8955D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3BB8AB4F-3C7A-450E-92F0-3F7C4ACFACA0}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FD446CF5-5598-4144-A809-59588C2EB960}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [29/01/2008 19.29.38 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [09/07/2008 18.28.26 20496]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [12/11/2008 15.42.00 46592]
S2 gupdate1c9d3b6879760c6;Google Update Service (gupdate1c9d3b6879760c6);c:\program files\Google\Update\GoogleUpdate.exe [13/05/2009 12.35.15 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
- - - - ORPHANED KEYS REMOVED - - - -

HKCU-Run-kcewq - c:\users\administrator\appdata\local\kcewq.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
mStart Page = about:blank
IE: &Point&&Go - c:\program files\Common Files\Expert System\PGPlatform\PGPlatform.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 19:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-715874276-2297462028-3625504099-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,b1,04,ac,18,58,ad,4c,83,14,29,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,b1,04,ac,18,58,ad,4c,83,14,29,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,1b,cb,bf,41,fc,a2,44,ad,06,73,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3c,1b,cb,bf,41,fc,a2,44,ad,06,73,\

.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2484)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2009-05-20 19.31.31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-05-20 17:31

Pre-Run: 108.137.369.600 byte disponibili
Post-Run: 107.705.798.656 byte disponibili

467 --- E O F --- 2009-05-18 19:08
Hi, I hope this can help you. THANKS
paolo6667
Posted: Wednesday, May 20, 2009 8:44:28 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
But guys, is it possible that after running the ComboFix scan and then scanning again with Malwarebytes it now reports 0 viruses? IT DOESN'T SEEM REAL.
simo95
Posted: Wednesday, May 20, 2009 9:05:28 PM

Rank: AiutAmico

Member since: 12/4/2008
Posts: 2,008
Yes, because ComboFix removed the infected files.
paolo6667
Posted: Wednesday, May 20, 2009 9:27:46 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
So are we all set then???
r16
Posted: Wednesday, May 20, 2009 9:38:59 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Hi.
Do the following:
Clean up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
Then:
Start\Run\copy and paste the string %temp%, click OK, and empty the temp folder. (do not delete the folder itself)
Launch HijackThis and clean the ADS like this (only on NTFS partitions):
click on Open the misc tool section
click on Open ads spy
untick Quick scan (windows base folder only)
click on Scan
if any ADS are detected, tick all the boxes and click Remove selected
Post an updated HJT log.
NB:
Do not empty the Prefetch folder
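An added example, not from the thread and not HijackThis' own code, that does in PowerShell what the steps above do by hand: it lists named NTFS alternate data streams under a folder (the check ADS Spy performs) and, on request, empties the temp folder while skipping files Windows refuses to delete. The parameter names and the Zone.Identifier remark are my assumptions; it needs PowerShell 3.0 or later and should be run from an elevated prompt, as the thread advises.

```powershell
# Added example (not from the thread): ADS listing plus a careful temp cleanup.
# Requires PowerShell 3.0+ for -File and -Stream. Run elevated.
param(
    [string]$ScanRoot = $env:SystemRoot,   # ADS Spy's quick scan covers the Windows folder
    [string]$TempDir  = $env:TEMP,         # the folder that %temp% opens
    [switch]$CleanTemp                     # only delete when explicitly asked
)

function Get-AlternateDataStreams {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Every file has the unnamed ':$DATA' stream; only named streams are ADS.
            # Note: 'Zone.Identifier' is the benign mark-of-the-web a browser adds to
            # downloads, so its presence alone is not a sign of infection (my note).
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

function Clear-TempFiles {
    param([string]$Dir)
    $skipped = @()
    # Files only: the folder itself must stay, as the instructions say.
    Get-ChildItem -Path $Dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $path = $_.FullName
            try {
                Remove-Item -LiteralPath $path -Force -ErrorAction Stop
            } catch {
                # In-use or permission-denied files (e.g. a live *.tmp) are left in place,
                # which is exactly what the thread tells the user to do.
                $skipped += $path
            }
        }
    return $skipped
}

$ads = Get-AlternateDataStreams -Root $ScanRoot
if ($ads) {
    Write-Host "Named streams found under $ScanRoot :"
    $ads | Format-Table -AutoSize
} else {
    Write-Host "No alternate data streams under $ScanRoot."
}

if ($CleanTemp) {
    $left = Clear-TempFiles -Dir $TempDir
    Write-Host ("Temp cleanup done; {0} file(s) skipped (in use or access denied)." -f $left.Count)
    $left | ForEach-Object { Write-Host "  $_" }
}
```

Review the streams it reports before removing any; unlike ADS Spy, this script only lists them.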
paolo6667
Posted: Wednesday, May 20, 2009 10:09:15 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
Hi, when I run %temp%, strangely two temp folders open, with identical contents inside. On top of that there is a lot of stuff. What should I do?? THANKS
paolo6667
Posted: Wednesday, May 20, 2009 10:30:56 PM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
Also, sorry, to launch HijackThis do I have to click the first entry at the top (Do a system scan and save a logfile) or something else? Because if I go directly to the entry (Open the misc tool section) it won't let me click.
r16
Posted: Wednesday, May 20, 2009 10:47:06 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
paolo6667 wrote:
Also, sorry, to launch HijackThis do I have to click the first entry at the top (Do a system scan and save a logfile) or something else? Because if I go directly to the entry (Open the misc tool section) it won't let me click.

You have to run it as the PC Administrator.
Are you sure there are 2 Temp folders?
Is it written Temp on both?
paolo6667
Posted: Thursday, May 21, 2009 12:20:41 AM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
Yes, there are 2, both 392 KB and with exactly the same contents inside.
r16
Posted: Thursday, May 21, 2009 12:26:07 AM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Delete them. (do not delete the folders, only the files inside the folders)
paolo6667
Posted: Thursday, May 21, 2009 12:35:35 AM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
OK, but it won't let me delete all of them, for example this one (DF8CCA.tmp) and others with the same naming, and it tells me that permission is required to perform the operation.
r16
Posted: Thursday, May 21, 2009 12:40:45 AM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Leave the ones that ask for permission where they are.
Delete the others, which should be the majority.
paolo6667
Posted: Thursday, May 21, 2009 12:41:58 AM
Rank: AiutAmico

Member since: 3/8/2009
Posts: 48
Do I perhaps need to uninstall ComboFix?? Because those entries are from today's scan.
r16
Posted: Thursday, May 21, 2009 12:46:41 AM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
To be honest, I first wanted to see the HJT log I had asked you for, at the end of this cleanup.