Ho fatto come mi hai detton ecco il risultato di combofix
ComboFix 10-05-20.A4 - Utente Microsoft 22/05/2010 19.08.11.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2046.1175 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente Microsoft\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Utente Microsoft\Dati applicazioni\Desktopicon
c:\documents and settings\Utente Microsoft\Dati applicazioni\Desktopicon\config.ini
c:\documents and settings\Utente Microsoft\Impostazioni locali\Dati applicazioni\cmauocwi.dat
c:\documents and settings\Utente Microsoft\Impostazioni locali\Dati applicazioni\cmauocwi_nav.dat
c:\documents and settings\Utente Microsoft\Impostazioni locali\Dati applicazioni\cmauocwi_navps.dat
c:\documents and settings\Utente Microsoft\Preferiti\Games.url
c:\programmi\driver
c:\programmi\Fast Browser Search
c:\programmi\Fast Browser Search\IE\1.bat
c:\programmi\Fast Browser Search\IE\about.html
c:\programmi\Fast Browser Search\IE\affid.dat
c:\programmi\Fast Browser Search\IE\basis.xml
c:\programmi\Fast Browser Search\IE\basis_br.xml
c:\programmi\Fast Browser Search\IE\basis_de.xml
c:\programmi\Fast Browser Search\IE\basis_en.xml
c:\programmi\Fast Browser Search\IE\basis_es.xml
c:\programmi\Fast Browser Search\IE\basis_fr.xml
c:\programmi\Fast Browser Search\IE\basis_it.xml
c:\programmi\Fast Browser Search\IE\basis_nr.xml
c:\programmi\Fast Browser Search\IE\basis_pt.xml
c:\programmi\Fast Browser Search\IE\basis_ru.xml
c:\programmi\Fast Browser Search\IE\basis_tr.xml
c:\programmi\Fast Browser Search\IE\BHO.dll
c:\programmi\Fast Browser Search\IE\ClearRecycleBin.exe
c:\programmi\Fast Browser Search\IE\error.html
c:\programmi\Fast Browser Search\IE\FBSPlugin.dll
c:\programmi\Fast Browser Search\IE\fbsProtection.xml
c:\programmi\Fast Browser Search\IE\FbsSearchProvider.xml
c:\programmi\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\programmi\Fast Browser Search\IE\FBStoolbar.dll
c:\programmi\Fast Browser Search\IE\fbstoolbar.jar
c:\programmi\Fast Browser Search\IE\fbstoolbar.manifest
c:\programmi\Fast Browser Search\IE\icons.bmp
c:\programmi\Fast Browser Search\IE\info.txt
c:\programmi\Fast Browser Search\IE\local.xml
c:\programmi\Fast Browser Search\IE\logobg.bmp
c:\programmi\Fast Browser Search\IE\MTWBtoolbar.html
c:\programmi\Fast Browser Search\IE\search.bmp
c:\programmi\Fast Browser Search\IE\search_br.bmp
c:\programmi\Fast Browser Search\IE\search_de.bmp
c:\programmi\Fast Browser Search\IE\search_es.bmp
c:\programmi\Fast Browser Search\IE\search_fr.bmp
c:\programmi\Fast Browser Search\IE\search_it.bmp
c:\programmi\Fast Browser Search\IE\search_pt.bmp
c:\programmi\Fast Browser Search\IE\search_ru.bmp
c:\programmi\Fast Browser Search\IE\SearchAssistant.dll
c:\programmi\Fast Browser Search\IE\SearchGuardPlus.exe
c:\programmi\Fast Browser Search\IE\SearchGuardPlus.ico
c:\programmi\Fast Browser Search\IE\SGPU.ico
c:\programmi\Fast Browser Search\IE\sgpUpdater.exe
c:\programmi\Fast Browser Search\IE\sgpUpdater.xml
c:\programmi\Fast Browser Search\IE\SGPUpdaterS.exe
c:\programmi\Fast Browser Search\IE\tbhelper.dll
c:\programmi\Fast Browser Search\IE\tbs_include_script_003175.js
c:\programmi\Fast Browser Search\IE\tbs_include_script_005064.js
c:\programmi\Fast Browser Search\IE\tbs_include_script_012817.js
c:\programmi\Fast Browser Search\IE\Toolbar Help.htm
c:\programmi\Fast Browser Search\IE\ToolBarBHO.dll
c:\programmi\Fast Browser Search\IE\uninstall.exe
c:\programmi\Fast Browser Search\IE\uninstalSGP.exe
c:\programmi\Fast Browser Search\IE\uninstalSGPU.exe
c:\programmi\Fast Browser Search\IE\update.exe
c:\programmi\Fast Browser Search\IE\version.txt
c:\programmi\PCOptimizer
c:\programmi\SGPSA
c:\programmi\SGPSA\BHO.dll
c:\windows\AUTOLNCH.REG
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\VB40016.DLL
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((( Files Creati Da 2010-04-22 al 2010-05-22 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 17:14 . 2008-06-26 20:01 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-22 14:09 . 2009-03-06 21:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-05-21 22:28 . 2009-11-21 22:05 -------- d-----w- c:\documents and settings\Utente Microsoft\Dati applicazioni\Any Video Converter
2010-05-21 22:26 . 2010-02-11 21:05 -------- d-----w- c:\documents and settings\Utente Microsoft\Dati applicazioni\vlc
2010-05-21 22:22 . 2010-03-16 15:58 -------- d-----w- c:\programmi\Tempario Fiat Auto
2010-05-20 20:43 . 2009-08-19 22:26 -------- d-----w- c:\programmi\Ask.com
2010-05-20 20:43 . 2008-04-05 20:42 -------- d-----w- c:\programmi\MegauploadToolbar
2010-05-19 19:44 . 2009-05-29 21:52 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-05-12 15:44 . 2007-06-26 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-05-04 18:16 . 2008-06-30 21:16 -------- d-----w- c:\programmi\PoigpsGo
2010-04-29 13:39 . 2009-05-29 21:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-05-29 21:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 20:48 . 2004-08-19 12:00 81206 ----a-w- c:\windows\system32\perfc010.dat
2010-04-28 20:48 . 2004-08-19 12:00 483286 ----a-w- c:\windows\system32\perfh010.dat
2010-04-21 17:20 . 2009-11-29 10:15 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-04 18:42 . 2010-04-04 20:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-04 18:24 . 2010-04-04 18:24 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-04-04 18:24 . 2010-04-04 18:24 -------- d-----w- c:\programmi\Lavasoft
2010-04-04 18:24 . 2008-06-21 07:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-03-31 21:38 . 2008-10-16 18:40 1 ----a-w- c:\documents and settings\Utente Microsoft\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-17 16:26 . 2010-03-17 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 16:26 . 2009-11-29 10:15 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 16:26 . 2009-11-29 10:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:30 . 2004-08-19 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:30 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:30 . 2004-08-19 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-19 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-19 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{337d7945-7b40-405d-95d9-b4f5c93148f2}"= "c:\programmi\elenco_radio\tbele0.dll" [2010-02-26 2349080]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB0.dll" [2010-05-12 2515552]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{337d7945-7b40-405d-95d9-b4f5c93148f2}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{337d7945-7b40-405d-95d9-b4f5c93148f2}]
2010-02-26 20:00 2349080 ----a-w- c:\programmi\elenco_radio\tbele0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-05-12 14:47 2515552 ----a-w- c:\programmi\myBabylon_English\tbmyB0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{337d7945-7b40-405d-95d9-b4f5c93148f2}"= "c:\programmi\elenco_radio\tbele0.dll" [2010-02-26 2349080]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\programmi\myBabylon_English\tbmyB0.dll" [2010-05-12 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{337d7945-7b40-405d-95d9-b4f5c93148f2}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{337D7945-7B40-405D-95D9-B4F5C93148F2}"= "c:\programmi\elenco_radio\tbele0.dll" [2010-02-26 2349080]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\programmi\myBabylon_English\tbmyB0.dll" [2010-05-12 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
[HKEY_CLASSES_ROOT\clsid\{337d7945-7b40-405d-95d9-b4f5c93148f2}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\programmi\CyberLink\Power2Go\Power2GoExpress.exe" [2006-12-28 2471472]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"InCD"="c:\programmi\Ahead\InCD\InCD.exe" [2004-09-07 1450094]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-28 2652056]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-26 98304]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"Nikon Transfer Monitor"="c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Utente Microsoft\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.0.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Registrazione Lotus SmartSuite Versione 9.lnk - c:\lotus\register\remind32.exe [1999-7-20 67584]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-27 110592]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-11-27 217088]
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-5-14 25600]
Lotus SuiteStart.lnk - c:\lotus\smartctr\suitest.exe [1999-7-5 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-17 16:26 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Dev-Cpp\\devcpp.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"47548:TCP"= 47548:TCP:AresChatServer
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/04/2010 20.24.56 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/11/2009 12.15.29 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/11/2009 12.15.34 242896]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26/06/2007 17.30.23 13696]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/01/2009 23.19.17 159600]
R1 SSHDRV82;SSHDRV82;c:\windows\system32\drivers\SSHDRV82.sys [26/06/2007 17.24.19 76288]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [17/03/2010 18.26.50 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 13.17.32 1181328]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [20/01/2009 23.19.18 73840]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [26/06/2007 16.42.43 180480]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/01/2009 23.19.10 95640]
S2 gupdate1c99ea5e36e4c3e;Servizio di Google Update (gupdate1c99ea5e36e4c3e);c:\programmi\Google\Update\GoogleUpdate.exe [06/03/2009 23.52.46 133104]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe --> c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [?]
S3 Slnt7554;USB Soft Modem Driver;c:\windows\system32\drivers\slnt7554.sys [26/06/2007 17.04.20 129535]
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-22 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:40]
2010-05-22 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:40]
2010-05-22 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:40]
2010-05-22 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:40]
2010-05-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:40]
2010-05-22 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-06 17:02]
2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-06 21:52]
2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-03-06 21:52]
2010-05-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-02-04 15:50]
2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{BEF48610-EA17-468C-B63D-4EAF3EBCDB88}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Scarica link utilizzando Mega Manager... - c:\programmi\Megaupload\Mega Manager\mm_file.htm
TCP: {36290348-99A0-4C5C-A519-3EC0D949467C} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game01.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Utente Microsoft\Dati applicazioni\Mozilla\Firefox\Profiles\dg5pckfy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://libero.it/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={DC76E445-ACBE-3A66-126C-B537C0AE2C4D}&q=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AliceMessenger - c:\programmi\Alice Messenger\alicemessenger.exe
AddRemove-cmauocwi - c:\documents and settings\utente microsoft\impostazioni locali\dati applicazioni\cmauocwi.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-05-22 19:16
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4084)
c:\windows\system32\WININET.dll
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Malwarebytes' Anti-Malware\mbamext.dll
c:\programmi\Lavasoft\Ad-Aware\ShellExt.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
c:\programmi\WinRAR\rarext.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\programmi\Ahead\InCD\InCDsrv.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\programmi\FreePOPs\freepopsservice.exe
c:\programmi\FreePOPs\freepopsd.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\CyberLink\Shared Files\RichVideo.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\RTHDCPL.EXE
c:\programmi\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\rundll32.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\driven~1\syncer\MCCITR~1.EXE
c:\programmi\Microsoft ActiveSync\Wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmi\OpenOffice.org 3\program\soffice.exe
c:\programmi\OpenOffice.org 3\program\soffice.bin
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\programmi\ATI Technologies\ATI.ACE\cli.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Ora fine scansione: 2010-05-22 19:20:39 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-05-22 17:20
ComboFix2.txt 2008-06-24 19:43
Pre-Run: 33.672.077.312 byte disponibili
Post-Run: 34.162.696.192 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
- - End Of File - - 6E06F1C39C65C4AC5F980E517F7D5DBB