ComboFix 10-06-03.01 - Antonella 05/06/2010 12.44.48.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.919 [GMT 2:00]
Eseguito da: c:\documents and settings\Antonella\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Antonella\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Kerio Personal Firewall *enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2010-05-05 al 2010-06-05 )))))))))))))))))))))))))))))))))))
.
2010-06-05 09:57 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-06-04 19:00 . 2010-06-04 19:00 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-06-02 15:38 . 2010-06-02 15:38 -------- d-----w- c:\documents and settings\Antonella\Dati applicazioni\Malwarebytes
2010-06-02 15:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 15:37 . 2010-06-02 15:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-06-02 15:37 . 2010-06-02 15:37 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-02 15:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-29 15:49 . 2010-05-29 15:49 73448 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-19 10:03 . 2010-05-19 10:03 -------- d-----w- c:\documents and settings\Antonella\Dati applicazioni\Foxit
2010-05-19 10:03 . 2010-05-19 10:03 -------- d-----w- c:\programmi\Foxit Software
2010-05-17 16:02 . 2010-05-17 16:02 -------- d-----w- C:\$AVG
2010-05-17 16:01 . 2010-05-17 16:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-17 16:01 . 2010-06-03 07:46 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-17 16:01 . 2010-05-17 16:01 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-17 16:01 . 2010-06-05 09:59 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-17 16:01 . 2010-06-03 07:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-17 16:00 . 2010-05-17 16:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-05-09 16:49 . 2010-05-09 16:49 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-08 15:13 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-05 09:55 . 2009-02-15 16:34 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-06-04 17:53 . 2004-08-19 17:27 93084 ----a-w- c:\windows\system32\perfc010.dat
2010-06-04 17:53 . 2004-08-19 17:27 510826 ----a-w- c:\windows\system32\perfh010.dat
2010-06-03 13:17 . 2007-11-01 19:38 188152 ----a-w- c:\documents and settings\Antonella\Dati applicazioni\Mozilla\Firefox\Profiles\yi54jybw.default\FlashGot.exe
2010-06-03 07:47 . 2010-06-03 07:47 242896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-06-03 07:47 . 2010-06-03 07:47 29512 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-06-02 07:31 . 2007-08-12 11:31 -------- d-----w- c:\programmi\Windows Live
2010-05-29 15:46 . 2007-08-16 05:17 30369 -c--a-w- c:\windows\system32\drivers\fwdrv.err
2010-05-19 09:16 . 2007-08-12 11:51 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-05-17 17:13 . 2007-08-12 11:51 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-17 17:12 . 2008-04-24 23:03 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-05-17 17:12 . 2007-08-12 11:48 -------- d-----w- c:\programmi\SpywareBlaster
2010-05-17 17:08 . 2007-08-12 11:53 -------- d-----w- c:\programmi\CCleaner
2010-05-17 16:00 . 2008-04-24 21:24 -------- d-----w- c:\programmi\AVG
2010-05-09 17:07 . 2007-08-11 22:12 73448 -c--a-w- c:\documents and settings\Antonella\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-05-09 16:38 . 2009-11-24 18:46 -------- d-----w- c:\programmi\Microsoft
2010-05-09 16:37 . 2007-08-11 21:55 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-09 16:33 . 2007-08-12 10:38 -------- d-----w- c:\programmi\IncrediMail
2010-04-26 17:05 . 2008-08-25 09:40 -------- d-----w- c:\programmi\Canon
2010-04-26 16:17 . 2007-08-14 18:10 -------- d-----w- c:\programmi\Java
2010-04-26 16:17 . 2007-08-14 18:09 -------- d-----w- c:\programmi\File comuni\Java
2010-04-26 16:00 . 2007-08-12 11:29 -------- d-----w- c:\programmi\FreePOPs
2010-04-22 12:21 . 2007-08-12 12:39 -------- d-----w- c:\programmi\eMule
2010-04-22 11:54 . 2010-04-22 11:54 503808 ----a-w- c:\documents and settings\Antonella\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3deaa0bf-n\msvcp71.dll
2010-04-22 11:54 . 2010-04-22 11:54 499712 ----a-w- c:\documents and settings\Antonella\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3deaa0bf-n\jmc.dll
2010-04-22 11:54 . 2010-04-22 11:54 348160 ----a-w- c:\documents and settings\Antonella\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-3deaa0bf-n\msvcr71.dll
2010-04-22 11:54 . 2010-04-22 11:54 61440 ----a-w- c:\documents and settings\Antonella\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56c5d840-n\decora-sse.dll
2010-04-22 11:54 . 2010-04-22 11:54 12800 ----a-w- c:\documents and settings\Antonella\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-56c5d840-n\decora-d3d.dll
2010-04-17 00:24 . 2010-04-17 00:24 306544 ----a-w- c:\windows\WLXPGSS.SCR
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-12 15:29 . 2010-04-22 11:54 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-03-10 06:15 . 2004-08-19 17:27 420352 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2007-07-10 475180]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"KBDriver"="c:\programmi\Keyboard Driver\OEMDriver.exe" [2004-08-25 151552]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-06-29 286720]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Antonella\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Ralink Wireless Utility.lnk - c:\programmi\Ralink\Common\RaUI.exe [2009-4-9 1634304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-17 16:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Magentic\\bin\\MgImp.exe"=
"c:\\Programmi\\Magentic\\bin\\Magentic.exe"=
"c:\\Programmi\\Magentic\\bin\\MgApp.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17/05/2010 18.01.21 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17/05/2010 18.01.23 242896]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18/07/2006 12.02.50 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18/07/2006 12.02.52 91672]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [17/05/2010 18.00.58 308064]
R3 pctvnet;Pinnacle PCTV Ethernet Driver;c:\windows\system32\drivers\pctvnet.sys [12/08/2007 1.16.56 9340]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [08/04/2009 19.38.50 256000]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [12/08/2007 1.26.31 6400]
.
Contenuto della cartella 'Scheduled Tasks'
2010-06-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/webhp?hl=it
uInternet Connection Wizard,ShellNext = iexplore
TCP: {50558C43-21D4-474E-AD03-CB31B327721C} = 212.216.112.112,212.216.172.62
TCP: {89F85571-C206-4140-8D25-26722273F96F} = 212.216.112.112,212.216.172.62
FF - ProfilePath - c:\documents and settings\Antonella\Dati applicazioni\Mozilla\Firefox\Profiles\yi54jybw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/intl/it/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-05 12:53
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programmi\Ralink\Common\RalinkRegistryWriter.exe
c:\programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\PAStiSvc.exe
c:\windows\system32\wscntfy.exe
c:\programmi\AVG\AVG9\avgnsx.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\progra~1\Magentic\bin\MgApp.exe
.
**************************************************************************
.
Ora fine scansione: 2010-06-05 13:01:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-06-05 11:01
ComboFix2.txt 2010-06-04 18:42
Pre-Run: 5.976.289.280 byte disponibili
Post-Run: 5.933.154.304 byte disponibili
- - End Of File - - 45E2692BA854E02F42744EB068F59757