L'ho messo in C:\Locate, perchè iol sistema di non mi permette di salvarlo sono in C:\, l'ho lanciato andando in setting, etc, etc e mi rilevato il solito file TRIALOC.DL_

Allora ok, l'avevo già messo in programmi fin dall'inizio...

prima di eseguire quello che ti ho indicato nel post precedente, prova in questo modo

elimina il locate 32 e reinstallalo

http://locate32.net/files/exe/locate32-3.0.7.7010.exe

clicca su esegui => avanti x 3 => togli tutte le spunte e spunta solo "create files .dbs files...." => clicca su "fine"
(se vuoi crearti l'icona sul desktop spunta anche la prima voce)

Eseguilo da (start => tutti i programmi => locate => locate 32)
nella finestra che si apre clicca su: options => settings => auto update => add
in "schedule updates" inserisci At Startup => ok

Poi, clicca su "Size and Date"
metti la spunta a minimum filesize " e nella finestra a destra digita 14348 ("bytes")
metti la spunta a "maximum filesize " e nella finestra a destra digita 14348 ("bytes")

Clicca su "find now
Se compare un elenco di files, clicca su file => save reports => salvalo sul desktop e caricalo QUI

HO lanciato ilcomando combofix /u, ma mi fa partire la scanzione e non la disinstallazione del software. Ad ogni modo, la scansione parte ma mi compare il messagio:

Pasasites fuond!! I seguenti file stanno tentando di attaccare Combofix. Verranno disabilitati, annotare i nomi..C:\Programmi\file comuni\logictech\LVMVFM\LVPrcTnj.dll

Questo il report, dopo ti invio anche hijack

ComboFix 10-02-19.04 - Vincenzo Siciliano 21/02/2010 13.39.42.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1014.424 [GMT 1:00]
Eseguito da: c:\documents and settings\Vincenzo Siciliano\Desktop\Antivirus\ComboFix.exe
Opzioni usate :: /u
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-01-21 al 2010-02-21 )))))))))))))))))))))))))))))))))))
.

2010-02-21 12:16 . 2010-02-21 12:16 -------- d-----w- c:\programmi\Locate
2010-02-20 13:30 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-20 13:30 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-20 13:30 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-20 13:30 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-20 13:30 . 2010-02-20 13:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-20 13:30 . 2010-02-20 13:30 -------- d-----w- c:\programmi\Avira
2010-02-20 12:40 . 2010-02-20 12:40 -------- d-----w- c:\programmi\CCleaner
2010-02-19 21:59 . 2010-02-18 15:33 2855006 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}\vnlt6593.exe
2010-02-19 21:59 . 2010-02-19 21:59 -------- d-----w- c:\programmi\VEXPLite
2010-02-19 00:20 . 2010-02-19 00:20 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Media Player Classic
2010-02-19 00:18 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-19 00:18 . 2010-02-19 00:18 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-02-18 21:51 . 2010-02-18 21:51 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Locate32
2010-02-17 19:11 . 2010-02-17 19:11 -------- d-----w- c:\programmi\uTorrent
2010-02-17 19:10 . 2010-02-17 19:10 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\uTorrent
2010-02-16 19:55 . 2010-02-16 19:55 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Malwarebytes
2010-02-16 19:55 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 19:55 . 2010-02-16 19:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-16 19:55 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-16 19:55 . 2010-02-16 19:55 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-15 20:54 . 2010-02-15 20:55 388096 ----a-r- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-15 20:54 . 2010-02-15 20:54 -------- d-----w- c:\programmi\TrendMicro
2010-02-07 17:18 . 2010-02-07 17:18 -------- d-----w- c:\programmi\PC Cleaner
2010-02-06 16:34 . 2010-02-06 16:34 -------- d-----w- c:\programmi\File comuni\4Team
2010-02-06 16:34 . 2010-02-06 16:34 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\4Team
2010-02-06 16:34 . 2010-02-06 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\4Team
2010-02-06 15:37 . 2010-02-06 15:37 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Uniblue
2010-02-05 23:57 . 2010-02-05 23:57 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\gMozilla
2010-02-05 23:57 . 2010-02-05 23:57 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\gMozilla
2010-02-05 23:51 . 2010-02-05 23:51 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\FLVPlayer4Free
2010-02-05 23:51 . 2010-02-05 23:51 -------- d-----w- c:\programmi\FLVPlayer4Free
2010-01-31 23:09 . 2010-01-31 23:09 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\FLEXnet
2010-01-27 19:50 . 2009-06-29 17:00 102656 ----a-r- c:\windows\system32\drivers\ewusbfake.sys
2010-01-27 19:45 . 2009-06-29 17:00 112640 ----a-r- c:\windows\system32\drivers\ewusbnet.sys
2010-01-27 19:45 . 2009-04-09 12:38 102400 ----a-r- c:\windows\system32\drivers\ewusbmdm.sys
2010-01-27 19:44 . 2010-01-27 19:44 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Vodafone
2010-01-27 19:44 . 2010-01-27 19:44 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Vodafone
2010-01-27 19:44 . 2010-01-27 19:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\programmi\Vodafone
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2010-01-27 19:43 . 2010-01-27 19:43 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Impostazioni locali\Dati applicazioni\{6118B561-4CCF-4F70-B358-73ACA4B8FB39}
2010-01-27 19:28 . 2010-01-27 19:28 -------- d-----w- c:\programmi\vodafonesam
2010-01-27 19:28 . 2010-01-27 19:28 -------- d-----w- c:\programmi\Common Files
2010-01-27 19:24 . 2010-01-27 19:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 00:13 . 2006-08-30 23:34 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-19 21:49 . 2010-02-19 21:49 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}
2010-02-10 17:44 . 2010-02-19 21:49 352256 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}\OFFLINE\BB22A901\76AC2E42\Scan.dll
2010-02-07 17:16 . 2009-10-19 15:44 0 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLbx.DAT
2010-02-07 16:35 . 2009-10-19 15:39 57344 ----a-r- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-02-06 15:45 . 2006-08-30 23:13 85070 ----a-w- c:\windows\system32\perfc010.dat
2010-02-06 15:45 . 2006-08-30 23:13 490898 ----a-w- c:\windows\system32\perfh010.dat
2010-02-06 13:25 . 2009-10-19 15:37 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdw.DAT
2010-02-05 20:09 . 2006-08-30 04:28 1024 ---h--r- c:\windows\system32\NTIMPEG2.dll
2010-01-11 21:34 . 2010-01-11 21:34 -------- d-----w- c:\programmi\File comuni\Skype
2010-01-07 19:42 . 2010-01-07 19:42 33558 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2010-01-07 17:41 . 2010-01-07 17:41 -------- d-----w- c:\programmi\Alwil Software
2010-01-07 17:41 . 2010-01-07 17:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-01-07 17:38 . 2010-01-07 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-01-07 17:25 . 2010-01-07 17:25 -------- d-----w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\gMozilla
2010-01-07 15:44 . 2010-02-19 21:49 274432 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}\OFFLINE\D89A54DE\76AC2E42\MONLITE.exe
2010-01-05 09:53 . 2006-01-09 18:59 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2004-09-07 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2004-09-07 19:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-01 02:53 . 2010-01-01 02:53 16614 --sh--w- c:\windows\system32\wbem\xiao.vbs
2009-12-31 16:50 . 2004-09-07 19:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 21:09 . 2009-12-29 21:09 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{BC13C66E-D01E-4443-A1D1-35EEDF3A964A}
2009-12-29 21:08 . 2009-12-29 21:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Native Instruments
2009-12-29 21:08 . 2009-12-29 21:08 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
2009-12-29 21:08 . 2009-12-29 21:08 -------- d-----w- c:\programmi\Native Instruments
2009-12-29 21:08 . 2009-12-29 21:08 -------- d-----w- c:\programmi\File comuni\Native Instruments
2009-12-28 22:58 . 2009-12-28 22:07 21856 ----a-w- c:\windows\system32\drivers\BCD3000WDM.SYS
2009-12-28 22:53 . 2009-12-28 22:07 548864 ----a-w- c:\windows\system32\bcd3kcpan.exe
2009-12-28 22:53 . 2009-12-28 22:07 42784 ----a-w- c:\windows\system32\drivers\BCD3000.SYS
2009-12-28 22:53 . 2009-12-28 22:07 106496 ----a-w- c:\windows\system32\bcd3kasio.dll
2009-12-20 11:28 . 2009-10-19 15:34 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-12-18 10:18 . 2010-02-19 21:49 122880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}\OFFLINE\361580F9\76AC2E42\viritupg.dll
2009-12-17 07:40 . 2004-09-07 19:00 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 13:42 . 2010-01-08 22:12 872960 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 13:42 . 2010-01-08 22:12 43008 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 13:42 . 2010-01-08 22:12 340480 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 13:41 . 2010-01-08 22:12 346624 ----a-w- c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 22:27 . 2009-08-26 07:43 180288 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-12-14 07:08 . 2004-09-07 19:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2005-09-29 19:27 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2005-09-29 19:28 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-09-07 19:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2005-06-29 02:55 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-09-07 19:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-09-07 19:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-09-07 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-09-07 19:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-09-07 19:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-09-07 19:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 14:10 . 2010-02-19 21:49 69632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}\OFFLINE\__Nas01_sviluppo_varie\Setup\VIRITLite\Files\viritsvc.exe
2009-11-27 14:06 . 2010-02-19 21:49 815104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\{33284F1B-AA9B-4290-B5B9-2F38EBF6EA01}\OFFLINE\5BF53870\76AC2E42\viritexp.exe
.

------- Sigcheck -------

[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-09-07 . 33F14C55448FFA3E9DAE4854CC632D33 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="c:\documents and settings\Vincenzo Siciliano\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-05-18 133104]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-07 39408]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-17 64512]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 455168]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 16342528]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-12-11 286720]
"BCD3000"="c:\windows\system32\bcd3kcpan.exe" [2009-12-28 548864]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"MobileConnect"="c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-07-03 2328576]
"VIRIT LITE MONITOR"="c:\programmi\VEXPLite\MONLITE.EXE" [2010-02-19 274432]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-07 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-02-14 11:00 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\SimpleCenter\\Home Media Server.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\eMule0.48\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 8.53.20 45312]
R2 viritsvclite;VirIT eXplorer Lite;c:\programmi\VEXPLite\VIRITSVC.EXE [27/11/2009 15.10.32 69632]
R2 VMCService;Vodafone Mobile Connect Service;c:\programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [03/07/2009 11.40.30 9216]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [19/06/2006 12.20.24 1097728]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [07/01/2010 20.45.27 135664]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [12/11/2008 19.33.04 8192]
S3 BCD3000;Behringer BCD3000 V1.2.0.0;c:\windows\system32\drivers\BCD3000.SYS [28/12/2009 23.07.26 42784]
S3 BCD3000WDM;Behringer BCD3000WDM V1.2.0.0;c:\windows\system32\drivers\BCD3000WDM.SYS [28/12/2009 23.07.26 21856]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [27/01/2010 20.45.10 112640]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [27/01/2010 20.50.11 102656]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15/02/2009 23.31.33 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15/02/2009 23.31.33 8320]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 ThSerial;ThSerial;c:\windows\system32\drivers\thserial.sys [12/04/2007 21.47.54 59776]
S3 ThSerMux;ThSerMux;c:\windows\system32\drivers\thsermux.sys [12/04/2007 21.47.54 33408]
S3 thserprt;thserprt;c:\windows\system32\drivers\thserprt.sys [12/04/2007 21.47.54 17664]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - INT15.SYS
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-07 23:17]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-07 19:44]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-01-07 19:44]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy:8080
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - component: c:\documents and settings\Vincenzo Siciliano\Dati applicazioni\Mozilla\Firefox\Profiles\9xhr90co.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(general.useragent.extra.zencast, .
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Symantec PIF AlertEng - c:\programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 13:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(4200)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-02-21 13:45:21
ComboFix-quarantined-files.txt 2010-02-21 12:45
ComboFix2.txt 2010-02-18 18:41

Pre-Run: 5.625.053.184 byte disponibili
Post-Run: 5.586.714.624 byte disponibili

- - End Of File - - BB689ACAA7DE14B3283BBD40EC1B6180

In realtà l'estensione corretta di quel file, segnalato da Combofix alla partenza, è C:\Programmi\file comuni\logictech\LVMVFM\LVPrcTnj.dll.vir

Ho analizzato anche un altro file nella stessa cartella e questo il risultato di virustotal

McAfee-GW-Edition 6.8.5 2010.02.19 Heuristic.BehavesLike.Win32.Worm.L

E' successa una cosa molto strana, ho provato a fare una ricerca inserendo il nome del file Heuristic.BehavesLike.Win32.Worm.L sulla barra indirizzi di google crome ed improvvisamente il pc si è spento (dopo una schermata blu tipo DOS!) ed al riavvio mi partito il controllo dei file system su c:

Il PC non partiva neppure in modalità provvisoria, al terzo tentativo è partito in modalità normale.....Che casino!!!!!!

Avira lo avevo già istallato quando me lo hai segnato, ora sto facendo un'ulteriore scansione, ti posto il log.....Thanks

meno male che c'e' avira...

ora fai un controllo con prevx

vedi se rileva qualcosa

Clicca su start - pannello di controllo - opzioni internet - connessioni. Elimina, se presente, la connessione "internet connection" e imposta la tua come predefinita

ciao,scusate l intrusione...avira ha rilevato 6 infezioni e ne ha rimosse solo 3?non sarebbe il caso di fare una scansione in provvisoria?

per eliminare combofix

Scarica OTC by OldTimer

doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia il pc



fai una scansione in piu' meglio essere prudenti

MALWAREBYTES

1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum


riesegui FindAWF

nella finestra dos che si apre premi 1 e poi invio


hai controllato se nelle connessioni c'e' ''internet connection''?

@paolopa

vediamo cosa rileva malwarebytes, altrimenti mi dai una mano


@wincensic

elimina i crack che hai nel pc, sicuramente ne hai qualcuno