probabile infezione da virus o malware

all'avvio di windows vista home edition
mi appare questo messaggio:
run dll
errore durante il caricamento di vtuvvu.dll
impossibile trovare il modulo specificato

ho fatto una ricerca su internet su questa libreria dinamica
ma nn sono riuscito a trovare il sistema per ripristinare..
fra l'altro mi manda in crash firefox e quindi mi rende difficoltoso
navigare

Ciao e Benvenuto/a nel Forum di Manuali.it !
Ti ringraziamo per esserti iscritto/a ed essere entrato/a a far parte della nostra comunità.

Ti invitiamo a leggere con attenzione il Regolamento del Forum che trovi QUI e a personalizzare il tuo profilo utente inserendo una firma e sopratutto un avatar. Per entrare nel tuo profilo ti basterà cliccare sulla scritta "Profilo" nella parte alta di qualsiasi pagina del Forum.

Per qualsiasi problema, dubbio o richiesta non esitare a contattarci nella sezione Contatti con la Redazione o a contattare un membro dello staff via e-mail o Messaggio Privato.

Ci vediamo sul Forum !
Un saluto.
Lo Staff

Segui questa procedura e postaci tutti i log richiesti:

informatica-ed-internet-virus/procedura-per-ripulire-un-pc-infetto-t21749.html

intanto ringrazio riky per la dritta preziosa
ho risolto il problema!! (errore durante il caricamento di vtuvvu.dll) e notevole rallentamento del pc
allego il log di 2 dei programmi consigliati dal link

ComboFix

ComboFix 11-03-30.03 - *** 31/03/2011 19.04.40.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.39.1040.18.3069.1675 [GMT 2:00]
Eseguito da: c:\users\***\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Philips SPC210NC Webcam
c:\programdata\Microsoft\Windows\Start Menu\Programs\Philips SPC210NC Webcam \Uninstall Philips SPC210NC Webcam.lnk
c:\users\***\appdata\local\temp\gebcyy.dll
c:\users\***\AppData\Roaming\cacaoweb
c:\users\***\AppData\Roaming\cacaoweb\adstorage.db
c:\users\***\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\***\AppData\Roaming\cacaoweb\replicating2D7D8EC6AD2B6273494500612D358D04.cacao
c:\users\***\AppData\Roaming\cacaoweb\replicatingA52B0415662074E83956FC4033EFCD01.cacao
c:\users\***\AppData\Roaming\cacaoweb\replicatingB57F6611281A20C9258A45818FCD394F.cacao
c:\users\***\AppData\Roaming\cacaoweb\storage.db
c:\users\***\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\***\Documents\Readiris.DUS
c:\youtubemp3downloader\YouTubeMP3Downloader.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-28 al 2011-03-31 )))))))))))))))))))))))))))))))))))
.
.
2011-03-31 16:38 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 16:37 . 2011-03-31 16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 16:37 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 16:21 . 2011-03-31 16:21 117780 ----a-w- c:\users\***\cc_20110331_182105.reg
2011-03-31 16:09 . 2011-03-31 16:09 -------- d-----w- c:\program files\CCleaner
2011-03-31 15:44 . 2011-03-31 15:54 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-03-30 21:44 . 2011-03-31 16:59 -------- d-----w- c:\program files\RegZooka
2011-03-30 21:40 . 2011-03-30 21:40 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-03-30 21:40 . 2011-03-30 21:40 -------- d-----w- c:\programdata\Malwarebytes
2011-03-29 01:03 . 2011-03-29 01:03 -------- d-----w- c:\program files\Microsoft.NET
2011-03-27 00:15 . 2011-03-27 00:18 -------- d-----w- c:\program files\Amnesia - The Dark Descent Demo
2011-03-14 18:17 . 2011-03-14 18:17 -------- d-----w- c:\program files\Ask.com
2011-03-14 18:16 . 2011-03-14 18:17 -------- d-----w- c:\users\***\AppData\Roaming\Trillian
2011-03-14 18:16 . 2011-03-14 18:17 -------- d-----w- c:\program files\Trillian
2011-03-13 17:51 . 2011-03-13 17:51 -------- d-----w- c:\program files\Audacity
2011-03-11 19:03 . 2011-03-11 19:03 -------- d-----w- c:\users\***\AppData\Local\TechSmith
2011-03-11 19:01 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-03-11 19:01 . 2011-03-11 19:01 -------- d-----w- c:\windows\system32\QuickTime
2011-03-11 19:00 . 2011-03-11 19:00 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2011-03-11 19:00 . 2011-03-11 19:00 -------- d-----w- c:\programdata\TechSmith
2011-03-11 19:00 . 2011-03-11 19:00 -------- d-----w- c:\program files\TechSmith
2011-03-09 13:03 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 13:03 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 13:03 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 13:03 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 13:03 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 13:03 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-06 02:31 . 2011-03-06 02:31 -------- d-----w- c:\programdata\WindowsSearch
2011-03-05 23:08 . 2011-03-05 23:08 -------- d-----w- C:\Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 15:34 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-02-10 15:34 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-02-02 19:40 . 2010-05-17 17:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-13 09:41 . 2011-01-25 12:43 5890896 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1C71022-40B6-416A-888C-F040B566CD51}\mpengine.dll
2011-01-08 07:50 . 2011-02-10 22:21 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 22:21 292352 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"BitTorrent DNA"="c:\users\***\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\flashget3.exe" [2010-05-11 2385456]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"efdcabaudio"="c:\users\***\appdata\local\temp\gebcyy.dll" [2011-03-31 128000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin210.exe.lnk - c:\program files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2009-4-21 278528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
backup=c:\windows\pss\Trillian.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F.lux]
2009-08-29 06:00 966656 ----a-w- c:\users\***\Local Settings\Apps\F.lux\flux.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-09-11 23:15 278528 ----a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2010-05-11 07:36 2385456 ----a-w- c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-07-25 10:56 136176 ----atw- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 14:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-01-28 09:43 2097488 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 22:23 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-12-03 09:15 165304 ----a-w- c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-24 09:37 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-02 3732680]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-24 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 176128]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-04-03 3024168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 5882368]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 210944]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149915083-648106084-1607412571-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 10:56]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149915083-648106084-1607412571-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-25 10:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar2.dll/cmwordtrans.html
IE: ????3??
IE: ????3??????
IE: Backward Links - c:\program files\Google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar2.dll/cmcache.html
IE: Download all by FlashGet3 - c:\users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar2.dll/cmtrans.html
IE: ????3?? - c:\users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} - hxxp://btool.net/download/btool2009.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\rc5o4cjx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - WR English-Italian
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
.
------- Associazioni dei file -------
.
.reg=Regedit.Document
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-cacaoweb - c:\users\***\AppData\Roaming\cacaoweb\cacaoweb.exe
HKCU-Run-MSLocality - c:\users\***\AppData\Local\MS\MSLocality.dll
HKLM-Run-ljggfgsys - vtuvvu.dll
HKU-Default-Run-ddaxxxsys - vtuvvu.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 19:16
Windows 6.0.6001 Service Pack 1 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\users\***\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?ng???P???ew??????????P???P???????????P???????P???_w`?ew????????????q???????Service Pack 1??????????????????????????????????????????????????????????????????????????????????Q??????
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1149915083-648106084-1607412571-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f?3*#N}?]
@="c:\\Users\\***\\AppData\\Roaming\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1149915083-648106084-1607412571-1000\Software\Microsoft\Internet Explorer\MenuExt\O(uë_f?3*#N}?hQè?þ”¥c]
@="c:\\Users\\***\\AppData\\Roaming\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\users\***\appdata\local\temp\gebcyy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\atieclxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
.
**************************************************************************
.
Ora fine scansione: 2011-03-31 19:25:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-03-31 17:25
.
Pre-Run: 11.636.695.040 byte disponibili
Post-Run: 11.566.485.504 byte disponibili
.
- - End Of File - - A90FB554DF57269074B2E3A731D1913E

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.53.35, on 31/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpstd3.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\***\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\***\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {60BF5EE3-0105-4858-AD98-17C19F86B042} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Trillian Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\***\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files\FlashGet Network\FlashGet 3\flashget3.exe" -minimize
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US /HIDEBL
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [efdcabaudio] rundll32.exe "c:\users\***\appdata\local\temp\gebcyy.dll",s
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C89BAC33-28B7-4297-AC5B-2BA81E275F91} (Btool Control) - http://btool.net/download/btool2009.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 9571 bytes
per quanto riguarda MalwareBytes
non mi ha permesso di aggiornarlo e non mi ha permesso di eseguirlo
in ogni caso dopo aver usato i 2 programmi di cui ho allegato i log
il problema nn si e' più riproposto
grazie ancora....
e complimenti per il Forum

Ottimo !

Vedo che non hai un antivirus installato.
Scarica e installa AntiVir: http://www.avira.com/it/free-download-a ... r-personal?

Con Hijackthis fixa queste voci:



Infine devi disinstallare la Ask Toolbar e la Trillian Toolbar.

Cercando di installare Avira Antivirus ricevo un messaggio di errore che richiede la disattivazione di Windows Defender. Tuttavia non riesco ad entrare nel programma, tanto meno a disattivarlo, neanche provando ad avviarlo come amministratore. Un doppio clic sull'icona non ha effetto, e neanche tentare di accedervi attraverso il Centro Sicurezza PC da Pannello di Controllo. Come posso disattivare Defender o eventualmente disinstallarlo?

@alien60,
Ciao.

Windows Defender
- Prova a leggere:
http://windows.microsoft.com/it-IT/wind ... -on-or-off

Dal file Hijackthis rilevo inoltre che il tuo SO Windows Vista non è aggiornato con il SP2 e che non è installato Internet Explorer 9.
Per la sicurezza del tuo PC ti consiglio la loro installazione.

Nautilus

Grazie mille Nautilus, ma il mio problema purtroppo è che non riesco ad aprire Defender. Facendo doppio clic sull'icona non succede nulla. E devo disattivarlo in qualche modo per poter installare Avira.
Nel frattempo procederò in ogni caso ad installare IE9 e il SP2 come mi consigli, grazie.

@alien60,
Ciao.

Disinstallare Windows Defender:

In rete leggo:
"..............Clicchiamo su start ->Esegui (o digitiamo il tasto di win+R) e digitiamo msconfig, selezioniamo la scheda avvio e togliamo il segno di spunta da Windows Defender. Diamo OK e riavviamo. A questo punto Windows Defender non verrà più avviato................"