ComboFix 09-10-14.09 - Giuseppe 15/10/2009 17.17.28.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.131 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-09-15 al 2009-10-15 )))))))))))))))))))))))))))))))))))
.
2009-09-25 15:55 . 2009-09-25 15:55 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Media Player Classic
2009-09-25 09:33 . 2009-09-25 09:33 -------- d-----w- c:\programmi\MSXML 4.0
2009-09-25 09:28 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-25 09:28 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-25 09:27 . 2009-02-09 11:23 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-09-25 09:27 . 2009-02-09 11:22 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-09-25 09:27 . 2009-02-09 11:23 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-09-25 08:46 . 2008-04-13 15:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-09-23 09:25 . 2009-09-23 09:25 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Identities
2009-09-20 08:47 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 09:53 . 2009-09-13 08:48 1636 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-01 06:59 . 2001-08-31 08:00 47592 ----a-w- c:\windows\system32\perfc010.dat
2009-10-01 06:59 . 2001-08-31 08:00 345010 ----a-w- c:\windows\system32\perfh010.dat
2009-09-12 06:54 . 2009-09-09 14:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-09-10 16:26 . 2009-09-10 16:10 17544 ----a-w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-10 16:25 . 2009-09-10 16:25 -------- d-----w- c:\programmi\Microsoft
2009-09-10 16:25 . 2009-09-10 16:24 -------- d-----w- c:\programmi\Windows Live
2009-09-10 16:25 . 2009-09-10 16:25 -------- d-----w- c:\programmi\Windows Live SkyDrive
2009-09-10 16:23 . 2009-09-10 16:23 -------- d-----w- c:\programmi\File comuni\Windows Live
2009-09-10 15:09 . 2009-09-10 15:09 50 ----a-w- c:\windows\system32\bridf07a.dat
2009-09-10 15:08 . 2009-09-10 15:08 -------- d-----w- c:\programmi\Brother
2009-09-10 15:08 . 2009-09-10 15:08 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-09-10 15:07 . 2009-09-10 15:07 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\InstallShield
2009-09-10 15:06 . 2009-09-10 15:06 -------- d-----w- c:\programmi\Nuance
2009-09-10 15:06 . 2009-09-10 15:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-09-10 15:06 . 2009-09-10 15:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-09-10 15:05 . 2009-09-10 15:05 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-09-10 15:05 . 2009-09-10 15:04 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-09-10 15:05 . 2009-09-10 15:05 -------- d-----w- c:\programmi\ScanSoft
2009-09-10 15:04 . 2009-09-10 15:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Brother
2009-09-09 17:13 . 2009-09-09 17:13 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\OpenOffice.org
2009-09-09 17:09 . 2009-09-09 17:09 -------- d-----w- c:\programmi\JRE
2009-09-09 17:09 . 2009-09-09 17:09 -------- d-----w- c:\programmi\OpenOffice.org 3
2009-09-09 17:08 . 2009-09-09 17:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-09 17:08 . 2009-09-09 17:08 -------- d-----w- c:\programmi\Java
2009-09-09 16:25 . 2009-09-09 16:25 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Nero
2009-09-09 16:23 . 2009-09-09 16:21 -------- d-----w- c:\programmi\File comuni\Nero
2009-09-09 16:21 . 2009-09-09 16:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-09-09 16:21 . 2009-09-09 16:21 -------- d-----w- c:\programmi\Nero
2009-09-09 16:00 . 2009-09-09 16:00 0 ----a-w- c:\windows\nsreg.dat
2009-09-09 16:00 . 2009-09-09 16:00 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-09-09 15:31 . 2009-09-09 15:30 -------- d-----w- c:\programmi\File comuni\Adobe
2009-09-09 14:41 . 2009-09-09 14:41 -------- d-----w- c:\programmi\Trend Micro
2009-09-09 14:39 . 2009-09-09 14:26 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-09 14:39 . 2009-09-09 14:25 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-09 14:39 . 2009-09-09 14:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-09 14:26 . 2009-09-09 14:26 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-09 14:25 . 2009-09-09 14:25 -------- d-----w- c:\programmi\AVG
2009-09-08 18:09 . 2009-09-08 18:09 -------- d-----w- c:\programmi\microsoft frontpage
2009-09-08 18:07 . 2009-09-08 18:07 -------- d-----w- c:\programmi\Servizi in linea
2009-09-08 18:04 . 2009-09-08 18:04 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-06 17:24 . 2009-09-08 18:06 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-09-08 18:06 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 17:24 . 2009-09-08 18:06 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-09-08 18:06 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-13 15:13 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-09-08 18:06 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-09-11 10:14 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 17:23 . 2009-09-11 10:14 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 17:23 . 2009-09-08 18:06 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 08:59 . 2008-04-13 15:13 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:34 . 2008-04-13 15:13 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:34 . 2008-04-13 15:13 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2008-04-13 15:13 58880 ----a-w- c:\windows\system32\atl.dll
.
------- Sigcheck -------
[-] 2009-01-29 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-04 2023704]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\programmi\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-09 14:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/09/2009 16.25.58 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/09/2009 16.26.05 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [09/09/2009 16.25.49 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [09/09/2009 16.25.49 297752]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}]
rundll32 fos64.dll,InitO
.
.
------- Scansione supplementare -------
.
FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\4rykw1yo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig?hl=it
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-15 17:21
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3796)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2009-10-15 17.23.54
ComboFix-quarantined-files.txt 2009-10-15 15:23
ComboFix2.txt 2009-10-15 14:29
Pre-Run: 24.601.952.256 byte disponibili
Post-Run: 24.572.887.040 byte disponibili
--- E O F --- 2009-09-25 13:25