Here is the log:
ComboFix 09-09-20.04 - G & S 21/09/2009 22.29.41.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1599 [GMT 2:00]
Eseguito da: c:\documents and settings\G & S\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0012-0014-00DC-FD7F00000802}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0012-0014-00EC-FD7F00000802}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0012-0014-00FC-FD7F00000802}
AV: Antivirus BitDefender *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\system32\msconfig.exe
c:\windows\system32\SelfDel.bat
.
((((((((((((((((((((((((( Files Creati Da 2009-08-21 al 2009-09-21 )))))))))))))))))))))))))))))))))))
.
2009-09-21 15:50 . 2009-09-21 15:50 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\Malwarebytes
2009-09-21 15:50 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 15:50 . 2009-09-21 15:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-09-21 15:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-21 13:04 . 2009-09-21 13:04 -------- d-----w- C:\found.000
2009-09-21 12:28 . 2009-09-21 12:28 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-21 12:28 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-09-21 12:28 . 2009-09-21 12:28 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-21 12:28 . 2009-09-21 12:28 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\TuneUp Software
2009-09-21 12:27 . 2009-09-21 12:27 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-09-21 12:23 . 2009-09-21 12:26 -------- d-----w- c:\programmi\AnVir Task Manager Free
2009-09-21 12:23 . 2009-09-21 12:26 -------- d-----w- c:\documents and settings\G & S\Impostazioni locali\Dati applicazioni\AnVir
2009-09-21 08:57 . 2009-09-21 08:58 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\GetRightToGo
2009-09-20 19:57 . 2005-05-25 05:00 90112 ------w- c:\windows\SDUnInst.exe
2009-09-20 17:33 . 2009-09-20 18:24 -------- d-----w- c:\windows\system32\NtmsData
2009-09-20 16:31 . 2009-09-20 16:31 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\JAM Software
2009-09-20 12:40 . 2009-09-20 12:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PPLive
2009-09-20 12:40 . 2009-09-20 12:40 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\PPLive
2009-09-20 12:33 . 2009-09-20 12:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CCTV
2009-09-20 12:28 . 2009-09-20 12:28 -------- d-----w- c:\programmi\TVAnts
2009-09-18 12:24 . 2009-09-18 12:24 157696 ----a-w- c:\windows\msa.exe.vir
2009-09-17 13:19 . 2009-09-17 13:39 -------- d-----w- c:\programmi\Hard Disk Sentinel
2009-09-07 11:45 . 2009-09-07 11:46 -------- d-----w- c:\windows\speech
2009-09-07 11:45 . 2009-09-07 11:45 -------- d-----w- c:\windows\Lhsp
2009-09-07 09:33 . 2009-09-07 09:33 -------- d-----w- c:\documents and settings\G & S\Impostazioni locali\Dati applicazioni\IsolatedStorage
2009-09-07 09:32 . 2009-09-07 09:32 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\SAU KP
2009-09-03 19:12 . 2009-09-03 19:12 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-09-03 14:09 . 2009-09-03 22:02 -------- d-----w- c:\programmi\AudioCommander
2009-09-03 14:01 . 2009-09-03 14:01 -------- d-----w- c:\programmi\MIKSOFT
2009-09-03 13:57 . 2009-09-03 13:57 249856 ------w- c:\windows\Setup1.exe
2009-09-03 13:57 . 2009-09-03 13:57 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-25 16:58 . 2009-08-25 16:58 -------- d-----w- c:\documents and settings\G & S\Impostazioni locali\Dati applicazioni\Thinstall
2009-08-25 16:58 . 2009-08-25 16:58 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\Thinstall
2009-08-24 15:31 . 2009-09-21 16:53 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 20:21 . 2009-03-02 15:36 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\uTorrent
2009-09-21 15:40 . 2001-08-31 09:00 79910 ----a-w- c:\windows\system32\perfc010.dat
2009-09-21 15:40 . 2001-08-31 09:00 479740 ----a-w- c:\windows\system32\perfh010.dat
2009-09-21 13:51 . 2009-03-02 14:22 53896 ----a-w- c:\documents and settings\G & S\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-21 11:21 . 2009-03-20 13:05 -------- d-----w- c:\programmi\Codice Fiscale
2009-09-20 14:12 . 2009-07-28 10:10 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\Superenalotto 3000
2009-09-20 13:42 . 2009-03-02 16:56 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{55A29068-F2CE-456C-9148-C869879E2357}
2009-09-18 08:57 . 2009-03-02 14:26 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-09-18 08:57 . 2009-03-02 14:26 179792 ----a-w- c:\windows\system32\guard32.dll
2009-09-18 08:57 . 2009-03-02 14:26 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-09-18 08:57 . 2009-03-02 14:26 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-16 14:46 . 2009-04-27 18:41 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\SolidDocuments
2009-09-14 14:55 . 2009-03-04 19:09 -------- d-----w- c:\programmi\Google
2009-09-13 14:10 . 2009-03-10 19:53 -------- d-----w- c:\programmi\File comuni\uusee
2009-09-07 09:46 . 2009-04-02 09:29 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\mIRC
2009-09-03 19:12 . 2009-06-20 13:13 -------- d-----w- c:\programmi\File comuni\Nokia
2009-09-03 19:05 . 2009-04-01 09:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-09-03 13:53 . 2009-04-01 09:57 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\Nokia
2009-08-28 13:13 . 2009-03-10 12:03 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\dvdcss
2009-08-21 11:44 . 2009-03-17 20:03 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-08-20 11:53 . 2009-03-23 13:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-18 13:35 . 2009-08-18 13:35 -------- d-----w- c:\documents and settings\G & S\Dati applicazioni\OxyCube
2009-08-18 13:30 . 2009-08-18 13:30 -------- d-----w- c:\programmi\Oxygen Software
2009-08-07 22:32 . 2009-03-02 14:23 -------- d-----w- c:\programmi\Alice ti aiuta
2009-07-31 17:31 . 2009-03-02 14:22 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-31 16:35 . 2009-07-29 19:10 -------- d-----w- c:\programmi\Telecom Italia
2009-07-31 16:22 . 2009-07-29 19:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive
.
------- Sigcheck -------
[-] 2008-04-13 . 97CBB1689BB951AD8DEE44C9F9C44318 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[7] 2008-04-13 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2009-03-01 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-01 13:10 . EA518D0002F4338DB0E7D83370D61845 . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-12-12 . 46E1D684E24EFE0EFCCD4D7D85FD4FC2 . 3088896 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . 6F22D63B02033FFEA8C9677BCF81B5C4 . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[-] 2008-12-12 . 6F22D63B02033FFEA8C9677BCF81B5C4 . 3481600 . . [6.00.2900.5726] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2008-12-12 . 88C1FE139BF3B61F521248F3ABCAA2D7 . 3088896 . . [6.00.2900.5726] . . c:\windows\VistaMizer\old\mshtml.dll
[7] 2008-10-16 . 1100FFE5E67742680E220C8CAA14E73F . 3088896 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2009-03-01 . E0C98D37A349DC9688FE802F623B16F6 . 247296 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2009-03-01 . 948FD43022363203761659A8B27B5E94 . 2450176 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[-] 2009-03-01 . 0EE73494680235D59F4E57301D7AD580 . 2192896 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntoskrnl.exe
[-] 2008-04-13 . 3DBD6DC6D74C517D55A1B3AECA88EF48 . 588800 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-13 . FA94696C0727BD59E517C674CD6E7C72 . 579584 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\user32.dll
[7] 2008-10-16 . BF40401A6E416E9E1CB9DDAEC7C319D4 . 669696 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . A1C1AC8E0B407338585B2FA79BA0E846 . 813568 . . [6.00.2900.5694] . . c:\windows\system32\wininet.dll
[-] 2008-10-16 . A1C1AC8E0B407338585B2FA79BA0E846 . 813568 . . [6.00.2900.5694] . . c:\windows\system32\dllcache\wininet.dll
[7] 2008-10-16 . 98CB139F777B4A3101DB3642BFFFEB23 . 668672 . . [6.00.2900.5694] . . c:\windows\VistaMizer\old\wininet.dll
[-] 2008-04-13 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-13 . 287B3020F1324E99F313C9E7FCFCCCCC . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-13 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2008-04-13 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-13 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2009-03-01 . 2D10EEB83EEBDCE43E9F0214057C03F2 . 2327040 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[-] 2009-03-01 . C812D8551FD3B6ACDBF7EB6B18B1B992 . 2069760 . . [5.1.2600.5657] . . c:\windows\VistaMizer\old\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-09-18 1799952]
"vx6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"lifecam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"COMODO Internet Security"="c:\programmi\COMODO\Firewall\cfp.exe" [2009-09-18 1799952]
"bluetoothauthenticationagent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 25088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-13 101888]
c:\documents and settings\G & S\Menu Avvio\Programmi\Esecuzione automatica\
Stardock ObjectDock.lnk - d:\programmi\Stardock\ObjectDock\ObjectDock.exe [2009-3-2 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"epson stylus c42 series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
"sunjavaupdatesched"="d:\programmi\Java\jre6\bin\jusched.exe"
"remotecontrol"=c:\windows\system32\rmctrl.exe
"QuickTime Task"=c:\windows\system32\qttask.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"d:\\Programmi\\PoivY.com\\PoivY\\PoivY.exe"=
"d:\\Programmi\\PPMate\\ppmate.exe"=
"d:\\Programmi\\PPMate\\ppamnet.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [02/03/2009 16.26.27 132296]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02/03/2009 16.26.27 25160]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [21/09/2006 11.19.04 347648]
S3 aspi;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [05/04/2009 18.17.33 16512]
S3 CrystalSysInfo;CrystalSysInfo;d:\programmi\MediaCoder\SysInfo.sys [25/09/2007 16.59.46 15152]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/06/2009 15.07.36 136704]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [13/10/2006 18.04.44 2383152]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'
2009-09-21 c:\windows\Tasks\Manutenzione in 1 clic.job
- d:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 10:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/uninst_survey.html?serial=3.0.25.376_E33C8A2CD88A4ed3B2BD332E72436F25
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Invia a &Bluetooth - d:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
TCP: {BE9B2EEB-6D7D-4216-AAFF-F996702F2109} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\G & S\Dati applicazioni\Mozilla\Firefox\Profiles\kx1lt5y4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.inter.it/aas/hp?L=it
FF - component: d:\programmi\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\programmi\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\programmi\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\programmi\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections-per-server - 8
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-21 22:52
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'lsass.exe'(1064)
c:\windows\system32\scecli.dll
c:\windows\system32\SETUPAPI.dll
.
Ora fine scansione: 2009-09-21 22.56.51
ComboFix-quarantined-files.txt 2009-09-21 20:56
ComboFix2.txt 2009-04-09 17:36
ComboFix3.txt 2009-04-09 11:18
ComboFix4.txt 2009-04-09 08:51
ComboFix5.txt 2009-09-21 20:27
Pre-Run: 6.387.736.576 byte disponibili
Post-Run: 6.383.022.080 byte disponibili
243