And this is the ComboFix report:
ComboFix 09-08-24.06 - Utente 25/08/2009 17.33.04.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1166 [GMT 2:00]
Running from: c:\users\Utente\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\Installer\RefA524.msi
c:\windows\system\svhost.exe
c:\windows\system32\config\systemprofile\ntuser.dat{c92be680-c7c0-11dc-8ff1-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\windows\System32\Desktop_.ini
c:\windows\system32\drivers\sysdrv32.sys
c:\windows\system32\msvcrt2.dll
c:\windows\system32\sysmgr.exe
c:\users\Utente\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms . . . . Deletion failed
.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))))))
.
2009-08-25 15:40 . 2009-08-25 15:42 -------- d-----w- c:\users\Utente\AppData\Local\temp
2009-08-25 15:40 . 2009-08-25 15:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-25 14:39 . 2009-08-25 14:39 -------- d-----w- c:\users\Utente\AppData\Roaming\Malwarebytes
2009-08-25 14:39 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 14:39 . 2009-08-25 14:39 -------- d-----w- c:\programdata\Malwarebytes
2009-08-25 14:39 . 2009-08-25 14:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 14:39 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 07:30 . 2009-08-25 07:30 31744 --sh--r- c:\windows\system\winmsgi.exe
2009-08-20 12:29 . 2009-08-20 12:34 -------- d-----w- c:\users\Utente\AppData\Roaming\avidemux
2009-08-20 12:28 . 2009-08-20 13:39 -------- d-----w- c:\program files\Avidemux 2.5
2009-08-19 18:31 . 2009-08-25 14:06 -------- d-----w- c:\users\Utente\Tracing
2009-08-19 18:29 . 2009-08-19 18:29 -------- d-----w- c:\program files\Microsoft
2009-08-19 18:29 . 2009-08-19 18:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-19 18:29 . 2009-08-19 18:29 -------- d-----w- c:\program files\Windows Live
2009-08-19 18:28 . 2009-08-19 18:28 -------- d-----w- c:\windows\PCHEALTH
2009-08-19 18:16 . 2009-08-19 18:16 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-19 08:58 . 2009-08-20 10:47 -------- d-----w- c:\users\Utente\fumetti
2009-08-19 08:56 . 2009-08-19 08:56 -------- d-----w- c:\program files\CDisplay
2009-08-17 18:35 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-17 18:35 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-17 18:35 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-17 18:35 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-17 18:35 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-17 18:35 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-17 18:35 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-17 18:35 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-17 18:31 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-17 18:31 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-17 18:31 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-17 18:31 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-17 18:30 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-17 18:30 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-17 18:30 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-17 18:30 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-04 20:44 . 2009-08-04 20:44 -------- d-----w- c:\program files\IZArc
2009-08-04 15:09 . 2009-08-04 16:06 -------- d-----w- c:\users\Utente\JDownloader 0.6.193
2009-08-03 08:58 . 2009-08-03 09:11 -------- d-----w- c:\users\Utente\Vdownloader
2009-08-03 08:58 . 2009-08-03 08:58 -------- d-----w- c:\users\Utente\AppData\Local\vdownloader
2009-08-03 08:57 . 2009-08-03 08:57 -------- d-----w- c:\program files\VDOWNLOADER
2009-08-01 20:42 . 2009-08-01 20:42 -------- d-----w- c:\users\Utente\AppData\Roaming\Systenance
2009-08-01 20:41 . 2009-08-01 20:42 -------- d-----w- c:\program files\Index.dat Analyzer
2009-08-01 20:34 . 2009-08-01 20:34 -------- d-----w- c:\program files\MRU-Blaster
2009-08-01 20:18 . 2009-08-01 20:20 -------- d-----w- c:\program files\Disk Cleaner
2009-07-28 11:04 . 2009-07-28 11:05 -------- d-----w- c:\program files\Crawler
2009-07-28 11:04 . 2009-07-28 11:04 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-07-28 11:04 . 2009-07-28 11:04 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-07-28 11:04 . 2009-07-28 11:04 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-28 11:04 . 2009-08-25 14:31 -------- d-----w- c:\users\Utente\AppData\Roaming\Spyware Terminator
2009-07-28 11:04 . 2009-08-25 14:11 -------- d-----w- c:\programdata\Spyware Terminator
2009-07-28 11:04 . 2009-08-25 14:31 -------- d-----w- c:\program files\Spyware Terminator
2009-07-27 20:21 . 2009-07-30 18:58 -------- d-----w- c:\users\Utente\AppData\Roaming\dvdcss
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 14:11 . 2008-01-21 06:30 662846 ----a-w- c:\windows\system32\perfh010.dat
2009-08-25 14:11 . 2008-01-21 06:30 120326 ----a-w- c:\windows\system32\perfc010.dat
2009-08-25 07:44 . 2009-07-14 15:29 1 ----a-w- c:\users\Utente\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-23 12:42 . 2009-07-24 08:43 -------- d-----w- c:\users\Utente\AppData\Roaming\vlc
2009-08-17 18:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-17 18:33 . 2009-07-14 14:55 -------- d-----w- c:\program files\Java
2009-08-01 16:21 . 2009-07-23 15:48 -------- d-----w- c:\program files\SpywareBlaster
2009-08-01 15:19 . 2009-07-24 17:43 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 03:23 . 2009-07-14 14:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 13:40 . 2009-07-23 13:40 629072 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-23 13:40 . 2009-07-23 13:40 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-23 13:40 . 2009-07-23 13:40 1029456 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-23 13:37 . 2009-07-23 10:42 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-23 13:37 . 2009-07-23 13:37 -------- d-----w- c:\program files\Lavasoft
2009-07-23 08:41 . 2009-07-23 08:41 0 ----a-w- c:\windows\nsreg.dat
2009-07-23 07:56 . 2009-07-14 15:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-23 07:56 . 2009-07-14 15:25 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 07:56 . 2009-07-14 15:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-23 07:56 . 2009-07-14 15:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-21 21:52 . 2009-07-29 08:29 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 08:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 08:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 08:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-21 20:05 . 2009-07-21 20:05 -------- d-----w- c:\programdata\Macrium
2009-07-21 19:34 . 2009-07-21 19:34 43646 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_DD40D204F74587FE3F9B05.exe
2009-07-21 19:34 . 2009-07-21 19:34 43646 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_D707CE1C009F1381803C2C.exe
2009-07-21 19:34 . 2009-07-21 19:34 43646 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_21F3885A18D238E15AAE81.exe
2009-07-21 19:34 . 2009-07-21 19:34 43646 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_1A755B1E5FC9C78C27FDD0.exe
2009-07-21 19:34 . 2009-07-21 19:34 29926 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_F981D78D294B92C2276660.exe
2009-07-21 19:34 . 2009-07-21 19:34 109534 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{3BAD2D97-4900-4014-A2F5-B549802CEEE2}\_6FEFF9B68218417F98F549.exe
2009-07-21 19:34 . 2009-07-21 19:34 -------- d-----w- c:\program files\Macrium
2009-07-14 15:29 . 2009-07-14 15:29 -------- d-----w- c:\users\Utente\AppData\Roaming\OpenOffice.org
2009-07-14 15:25 . 2009-07-14 15:25 -------- d-----w- c:\programdata\avg8
2009-07-14 15:25 . 2009-07-14 15:25 -------- d-----w- c:\program files\AVG
2009-07-14 15:20 . 2009-07-14 15:20 -------- d-----w- c:\program files\VideoLAN
2009-07-14 15:10 . 2009-07-13 16:49 52776 ----a-w- c:\users\Utente\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-14 15:03 . 2009-07-14 08:45 356352 ----a-w- c:\windows\system32\nvusmu.exe
2009-07-14 15:03 . 2009-07-14 08:45 356352 ----a-w- c:\windows\system32\nvusmb.exe
2009-07-14 14:56 . 2009-07-14 14:56 -------- d-----w- c:\program files\JRE
2009-07-14 14:56 . 2009-07-14 14:55 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-14 14:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-14 14:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-14 14:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-14 14:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-14 14:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-14 14:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-14 14:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-14 14:11 . 2009-07-14 14:09 -------- d-----w- c:\program files\WebCam_Bison
2009-07-14 10:22 . 2009-07-14 08:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 09:59 . 2009-07-14 09:59 -------- d-----w- c:\program files\ACER Crystal Eye webcam
2009-07-14 09:59 . 2009-07-14 09:59 -------- d-----w- c:\program files\SUYIN
2009-07-14 09:18 . 2009-07-14 14:09 94208 ----a-w- c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LiveCa07.exe
2009-07-14 09:07 . 2009-07-14 09:07 -------- d-----w- c:\program files\Atheros
2009-07-14 09:06 . 2009-07-14 09:06 -------- d-----w- c:\programdata\Atheros
2009-07-14 08:55 . 2007-06-06 14:07 521128 ----a-w- c:\windows\system32\dpinst.exe
2009-07-14 08:55 . 2009-07-13 16:48 680 ----a-w- c:\users\Utente\AppData\Local\d3d9caps.dat
2009-07-14 08:49 . 2007-05-16 18:47 32256 ----a-w- c:\windows\system32\drivers\enecir.sys
2009-07-14 08:44 . 2009-07-14 08:44 -------- d-----w- c:\users\Utente\AppData\Roaming\InstallShield
2009-07-14 08:44 . 2007-02-16 06:50 12032 ----a-w- c:\windows\system32\drivers\nvsmu.sys
2009-07-14 08:09 . 2009-07-14 08:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-13 16:46 . 2009-07-13 16:46 -------- d-sh--we c:\programdata\Preferiti
2009-07-13 16:46 . 2009-07-13 16:46 -------- d-sh--we c:\programdata\Modelli
2009-07-13 16:46 . 2009-07-13 16:46 -------- d-sh--we c:\programdata\Menu Avvio
2009-07-13 16:46 . 2009-07-13 16:46 -------- d-sh--we c:\programdata\Documenti
2009-07-13 16:46 . 2009-07-13 16:46 -------- d-sh--we c:\programdata\Dati applicazioni
2009-07-13 16:46 . 2009-07-13 16:46 -------- d-sh--we c:\program files\File comuni
2009-06-15 14:53 . 2009-07-23 07:23 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-23 07:23 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-23 07:23 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-23 07:23 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-23 07:23 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 81920]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-23 1948440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-23 520024]
"SpywareTerminator"="c:\progra~1\SPYWAR~2\SpywareTerminatorShield.exe" [2009-07-28 2173440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2009-07-14 4669440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bb,fb,d9,fd,91,04,ca,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3346377194-755055378-3928833318-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 1 (0x1)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1A3911F9-61BD-405F-8854-3EA34F216CA2}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{B2251212-711F-46D1-A7A4-254ECF2A01FB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{DA40014E-7721-4E3D-971C-0D225F56E658}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{5D1B90FE-8B80-488D-B465-9E04A7603A74}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{FE41C17A-C8E3-45C9-9D3C-E1FB4DB08340}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{CCF78FC4-EA55-4704-BEC5-A742C78E56D5}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{7648FB82-A8BE-4EE9-9ABF-812596D32E15}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{FAC66035-5272-4E26-AE67-4CB47AB08FA8}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{5A771043-70FF-4765-AD79-AF13386A9689}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{27701E1F-8608-43BE-ABEA-05EC42908D99}c:\\windows\\system\\svhost.exe"= UDP:c:\windows\system\svhost.exe:svhost
"UDP Query User{EB203E1D-CF15-474A-9C9A-F57DB6752CCD}c:\\windows\\system\\svhost.exe"= TCP:c:\windows\system\svhost.exe:svhost
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [23/07/2009 15.41.38 64160]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\System32\drivers\pssnap.sys [20/05/2008 8.32.40 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [14/07/2009 17.25.24 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [14/07/2009 17.25.35 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [28/07/2009 13.04.50 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [23/07/2009 9.56.24 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [23/07/2009 9.56.25 298776]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [06/08/2008 11.34.02 216032]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [16/05/2007 20.47.44 32256]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1029456]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\System32\drivers\psmounter.sys [08/07/2008 12.39.28 31712]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:41]
.
- - - - ORPHAN KEYS REMOVED - - - -
HKLM-Run-Microsoft(R) System Manager - c:\windows\system32\sysmgr.exe
SafeBoot-SVCWINSPOOL
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\ono2dfwl.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 17:42
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\windows\System32\rundll32.exe
c:\users\Utente\AppData\Local\temp\RtkBtMnt.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Scan completion time: 2009-08-25 17.47.16 - the PC was rebooted
ComboFix-quarantined-files.txt 2009-08-25 15:47
Pre-Run: 135.435.124.736 bytes free
Post-Run: 135.396.405.248 bytes free
312 --- E O F --- 2009-08-17 18:39
Should I also post the HijackThis report, or is this enough?
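A small triage script, added here as an example and not part of the poster's log or of ComboFix itself, that runs a few heuristics over ComboFix-style lines and points at the entries in the log above that deserve a closer look: `c:\windows\system\winmsgi.exe` (created the morning of the scan with system+hidden+read-only attributes, in the legacy `c:\windows\system` directory, and not present in the "Other Deletions" list), `c:\windows\system\svhost.exe` (a one-letter lookalike of `svchost.exe`, deleted by ComboFix but with user-approved TCP and UDP firewall rules still on record), and `c:\windows\system32\msvcrt2.dll` (one edit away from `msvcrt.dll`). The sample input is copied verbatim from the log; the list of system binary names, the "one edit away" rule, and the reading of the attribute field (system flag in the third column, hidden flag in the fourth, as in `--sh--r-` and `---ha-w-` above) are my own assumptions, not something ComboFix documents.

```python
from __future__ import annotations

import re

# Sample input for this example: lines copied verbatim from the ComboFix log
# above (two "Other Deletions" paths, three "Files Created" entries, two
# FirewallRules values). Not a complete log.
SAMPLE_LOG = r"""
c:\windows\system\svhost.exe
c:\windows\system32\msvcrt2.dll
2009-08-25 14:39 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 07:30 . 2009-08-25 07:30 31744 --sh--r- c:\windows\system\winmsgi.exe
2009-08-17 18:35 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
"TCP Query User{27701E1F-8608-43BE-ABEA-05EC42908D99}c:\\windows\\system\\svhost.exe"= UDP:c:\windows\system\svhost.exe:svhost
"{1A3911F9-61BD-405F-8854-3EA34F216CA2}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"""

# "Files Created" entry: created . modified size attrs path
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>[a-z]:\\.+?)\s*$",
    re.IGNORECASE,
)
# FirewallRules value: "name"= [TCP:|UDP:]path:description
FIREWALL_RE = re.compile(r'^"[^"]*"=\s*(?:TCP:|UDP:)?(?P<path>[a-z]:\\[^:]+)', re.IGNORECASE)
# Bare path from the deletions list, optionally followed by " . . . . <status>"
BARE_PATH_RE = re.compile(r"^(?P<path>[a-z]:\\.+?)(?: \. \. \. \..*)?$", re.IGNORECASE)

# Assumed list of names malware likes to imitate; extend to taste.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "explorer.exe", "msvcrt.dll", "ntdll.dll")
BINARY_EXT = (".exe", ".dll", ".sys", ".drv", ".scr", ".com")
LEGACY_DIR = "c:\\windows\\system\\"
SYSTEM32 = "c:\\windows\\system32\\"


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; small enough to inline rather than import."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(path: str, attrs: str = "") -> list[str]:
    """Return the (assumed) reasons a binary path deserves a closer look."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons: list[str] = []
    if not name.endswith(BINARY_EXT):
        return reasons
    # Attribute column layout inferred from the log: d c s h a ? w/r ?
    if len(attrs) == 8 and (attrs[2] == "s" or attrs[3] == "h"):
        reasons.append("binary carries system/hidden attributes")
    if p.startswith(LEGACY_DIR):
        reasons.append("binary in legacy c:\\windows\\system rather than system32")
    if name in SYSTEM_NAMES:
        if not p.startswith(SYSTEM32):
            reasons.append(f"system binary name {name} outside system32")
    else:
        for known in SYSTEM_NAMES:
            if levenshtein(name, known) == 1:
                reasons.append(f"name is one edit away from {known}")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each flagged path (lower-cased) to its sorted list of reasons."""
    findings: dict[str, set[str]] = {}

    def note(path: str, reasons: list[str]) -> None:
        if reasons:
            findings.setdefault(path.lower(), set()).update(reasons)

    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := ENTRY_RE.match(line):
            note(m["path"], assess(m["path"], m["attrs"]))
        elif m := FIREWALL_RE.match(line):
            reasons = assess(m["path"])
            if reasons:  # only worth noting when the program itself looks off
                reasons.append("user-approved Windows Firewall rule lets it talk out")
            note(m["path"], reasons)
        elif m := BARE_PATH_RE.match(line):
            note(m["path"], assess(m["path"]))
    return {k: sorted(v) for k, v in sorted(findings.items())}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the whole log the script stays quiet on the AVG, Malwarebytes and Windows Update entries and reports only the three paths named above; `winmsgi.exe` is the one still on disk after the ComboFix run, so it is the file to quarantine and submit for analysis before anything else. Two things the script does not check but the log also shows: `EnableLUA = 0`, so UAC is switched off, and the three failed `.regtrans-ms` deletions, which are registry transaction logs and not malware.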