Da pochi giorni mi succede che quando apro una nuova nel titolo della scheda appare questo messaggio "tbr:res?id=tabs&rep=1" mentra all'interno della scheda non appare più la pagina bianca ma:

Impossibile visualizzare la pagina Web

Probabile causa:
Parte del contenuto o dei file nella pagina Web richiede un
programma non installato.

Possibili operazioni:
Cercare in linea un programma per la visualizzazione di questo
contenuto Web.
Digitare nuovamente l'indirizzo.
Torna alla pagina precedente.

Inoltre ho notato che nel mio spazio di windows live non posso più vedere le mie foto, al posto di caricare l'immagine della foto compare un quadratino con la x rossa, anche per le miniature o l'anteprima delle foto è lo stesso.

Non so come riparare questa situazione, stasera appena riesco posto il log di hijak.

Grazie a tutti, ciao.

Che Sistema Operativo usi?
Comunque, prima verifichiamo se ci sono virus, poi risolviamo il problema.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.


-----------------------------------------------------------------------------------------------------
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)

Ecco il log di combofix.

ComboFix 09-10-07.05 - Luca 08/10/2009 21.21.52.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2047.1177 [GMT 2:00]
Eseguito da: c:\users\Luca\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2855423669-3335437794-2644945195-500
c:\$recycle.bin\S-1-5-21-4166659471-477811567-471052203-500
c:\windows\Installer\Ref3580.msi
c:\windows\Installer\RefC029.msi

.
((((((((((((((((((((((((( Files Creati Da 2009-09-08 al 2009-10-08 )))))))))))))))))))))))))))))))))))
.

2009-10-08 19:29 . 2009-10-08 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-07 18:52 . 2009-10-07 18:52 -------- d-----w- c:\program files\Trend Micro
2009-10-05 14:10 . 2008-09-30 07:17 1048576 ---h--r- C:\C90S.BIN
2009-10-05 10:33 . 2009-10-05 15:21 -------- d-----w- c:\users\Luca\AppData\Roaming\Download Manager
2009-10-05 09:52 . 2009-10-05 09:55 -------- d-----w- c:\programdata\NVIDIA
2009-10-05 09:51 . 2009-10-05 09:51 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-05 09:51 . 2009-10-05 09:51 -------- d-----w- c:\windows\system32\AGEIA
2009-10-05 09:44 . 2009-10-05 09:44 -------- d-----w- c:\programdata\TOSHIBA
2009-10-05 09:36 . 2009-10-05 09:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-05 09:03 . 2009-10-05 09:03 -------- d-----w- C:\NVIDIA
2009-10-05 09:01 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 09:01 . 2009-10-05 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 09:01 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 07:42 . 2009-10-05 07:42 -------- d-----w- c:\program files\ma-config.com
2009-10-05 07:42 . 2009-10-05 07:42 -------- d-----w- c:\programdata\ma-config.com
2009-10-05 07:08 . 2009-10-05 09:28 -------- d-----w- c:\users\Luca\AppData\Roaming\Software Informer
2009-10-05 06:53 . 2009-10-05 06:53 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-03 07:10 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 07:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 07:06 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 07:06 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 07:06 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 07:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 07:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 07:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 07:06 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 07:06 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-30 19:50 . 2009-09-30 19:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-30 19:09 . 2009-10-05 17:06 -------- d-----w- c:\users\Luca\AppData\Roaming\vlc
2009-09-25 10:33 . 2009-09-25 10:54 -------- d-----w- c:\programdata\Ultima_T15
2009-09-23 19:19 . 2009-09-23 19:19 -------- d-----w- c:\users\Luca\AppData\Roaming\InfraRecorder
2009-09-23 19:19 . 2009-09-23 19:19 -------- d-----w- c:\program files\InfraRecorder
2009-09-23 19:10 . 2009-09-23 19:10 -------- d-----w- c:\programdata\eMule
2009-09-23 19:09 . 2009-09-23 19:10 -------- d-----w- c:\users\Luca\AppData\Local\eMule
2009-09-23 19:09 . 2009-09-23 19:09 -------- d-----w- c:\program files\eMule
2009-09-23 18:58 . 2009-09-23 18:58 -------- d-----w- c:\program files\CDBurnerXP
2009-09-23 18:47 . 2009-09-23 18:47 -------- d-----w- c:\programdata\Azureus
2009-09-23 18:47 . 2009-09-23 18:54 -------- d-----w- c:\users\Luca\AppData\Roaming\Azureus
2009-09-23 18:46 . 2009-09-23 18:47 -------- d-----w- c:\program files\Vuze
2009-09-23 18:40 . 2009-09-23 18:40 -------- d-----w- c:\programdata\eMule AdunanzA
2009-09-23 18:38 . 2009-09-23 18:38 -------- d-----w- c:\program files\eMule AdunanzA
2009-09-23 18:38 . 2009-09-23 18:38 -------- d-----w- c:\users\Luca\AppData\Local\eMule AdunanzA
2009-09-23 18:20 . 2009-09-23 18:20 -------- d-----w- c:\program files\JRE
2009-09-22 20:56 . 2009-09-22 20:56 -------- d-----w- c:\program files\Microsoft Research
2009-09-22 20:54 . 2009-09-22 20:54 -------- d-----w- c:\program files\Google
2009-09-22 20:40 . 2009-09-22 20:40 -------- d-----w- c:\program files\uTorrent
2009-09-22 19:56 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-09-22 19:54 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-22 19:54 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-22 19:54 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-22 19:54 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-22 19:54 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-22 19:54 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-22 19:54 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-22 19:54 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-22 19:39 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-22 16:33 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-09-22 16:33 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-09-22 16:22 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-22 16:22 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-22 16:20 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-22 16:20 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-22 16:20 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-22 16:20 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-22 16:19 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-22 16:19 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-22 16:19 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 19:14 . 2007-10-24 10:36 -------- d-----w- c:\program files\FlashCAD
2009-10-08 19:11 . 2009-10-05 09:52 31776 ----a-w- c:\programdata\nvModes.dat
2009-10-08 05:36 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-08 05:34 . 2008-12-20 10:04 -------- d-----w- c:\programdata\Spyware Terminator
2009-10-08 05:33 . 2008-12-20 10:04 -------- d-----w- c:\program files\Spyware Terminator
2009-10-08 04:35 . 2008-12-20 10:04 -------- d-----w- c:\users\Luca\AppData\Roaming\Spyware Terminator
2009-10-07 19:16 . 2007-09-26 21:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-07 19:04 . 2008-09-30 17:00 -------- d-----w- c:\programdata\NOS
2009-10-05 16:04 . 2008-08-27 17:18 -------- d-----w- c:\program files\PhotoScape
2009-10-05 14:06 . 2007-09-11 07:31 -------- d-----w- c:\program files\ASUS
2009-10-05 13:57 . 2009-09-25 10:54 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-10-05 10:05 . 2009-09-25 10:33 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-10-05 09:51 . 2007-10-21 00:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-05 09:44 . 2007-10-25 14:19 -------- d-----w- c:\users\Luca\AppData\Roaming\Toshiba
2009-10-05 07:08 . 2008-09-10 17:20 -------- d-----w- c:\program files\Software Informer
2009-10-03 07:24 . 2007-04-18 09:25 677352 ----a-w- c:\windows\system32\perfh010.dat
2009-10-03 07:24 . 2007-04-18 09:25 125404 ----a-w- c:\windows\system32\perfc010.dat
2009-09-30 20:10 . 2009-09-25 17:30 -------- d-----w- c:\users\Luca\AppData\Roaming\Nikon
2009-09-25 17:30 . 2009-09-25 10:35 -------- d-----w- c:\program files\Common Files\Nikon
2009-09-25 11:22 . 2009-09-25 11:22 -------- d-----w- c:\program files\Macrium
2009-09-25 11:21 . 2008-09-10 17:17 -------- d-----w- c:\program files\QuickTime Alternative
2009-09-25 11:20 . 2008-08-01 15:30 -------- d-----w- c:\program files\Real Alternative
2009-09-25 11:19 . 2009-09-25 11:19 -------- d-----w- c:\program files\MPC HomeCinema
2009-09-25 11:14 . 2009-09-25 11:13 -------- d-----w- c:\program files\FrostWire
2009-09-25 11:09 . 2009-09-25 10:39 -------- d-----w- c:\program files\Nikon
2009-09-25 10:54 . 2009-09-25 10:54 -------- d-----w- c:\programdata\Automatic Filter
2009-09-25 10:54 . 2009-09-25 10:33 -------- d-----w- c:\programdata\EnterNHelp
2009-09-25 10:42 . 2009-09-25 10:42 20 ---h--w- c:\programdata\PKP_DLer.DAT
2009-09-25 10:42 . 2009-09-25 10:42 -------- d-----w- c:\programdata\Carbon
2009-09-25 10:39 . 2009-09-25 10:39 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-09-25 10:39 . 2009-09-25 10:39 -------- d-----w- c:\programdata\Nikon
2009-09-25 10:37 . 2009-09-25 10:37 -------- d-----w- c:\program files\ArcSoft
2009-09-25 10:37 . 2007-09-11 07:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 10:33 . 2009-09-25 10:33 -------- d-----w- c:\programdata\Analog Mono
2009-09-23 19:00 . 2007-09-29 01:17 -------- d-----w- c:\program files\Free Download Manager
2009-09-23 18:56 . 2007-09-26 19:05 -------- d-----w- c:\program files\ClamWin
2009-09-23 18:47 . 2007-09-26 17:36 141440 ----a-w- c:\users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-23 18:37 . 2008-10-15 17:24 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-23 18:14 . 2008-12-11 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 18:14 . 2007-09-27 09:01 -------- d-----w- c:\program files\Java
2009-09-23 18:04 . 2008-12-20 10:04 -------- d-----w- c:\program files\Crawler
2009-09-22 20:50 . 2009-04-03 10:57 -------- d-----w- c:\program files\Opera
2009-09-22 20:42 . 2009-02-06 14:46 -------- d-----w- c:\users\Luca\AppData\Roaming\uTorrent
2009-09-22 20:37 . 2007-10-02 18:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-22 20:32 . 2007-09-26 21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-22 20:28 . 2007-10-22 13:41 -------- d-----w- c:\program files\SpywareBlaster
2009-09-22 20:15 . 2008-05-24 10:27 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-22 19:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 19:29 . 2008-03-01 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-22 16:01 . 2009-03-06 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-22 16:01 . 2009-03-06 12:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-22 16:01 . 2009-03-06 12:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-22 16:01 . 2009-03-06 12:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-05 12:25 . 2009-09-05 12:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-25 10:16 . 2009-08-25 10:16 32224 ----a-w- c:\windows\system32\drivers\psmounter.sys
2009-08-21 11:17 . 2007-09-11 07:05 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-19 11:35 . 2009-08-19 11:35 9787488 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-19 11:35 . 2009-08-19 11:35 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-08-19 11:35 . 2009-08-19 11:35 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-19 11:35 . 2009-08-19 11:35 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-19 11:35 . 2009-08-19 11:35 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-19 11:35 . 2009-08-19 11:35 3197952 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-19 11:35 . 2009-08-19 11:35 1740800 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-19 11:35 . 2009-08-19 11:35 155648 ----a-w- c:\windows\system32\nvcod163.dll
2009-08-19 11:35 . 2009-08-19 11:35 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-19 11:35 . 2009-08-19 11:35 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-19 11:35 . 2009-08-19 11:35 10420224 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-19 11:35 . 2007-04-20 13:31 991744 ----a-w- c:\windows\system32\nvapi.dll
2009-08-19 11:35 . 2007-04-20 13:31 7660544 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-14 17:07 . 2009-09-22 16:23 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-22 16:23 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16 . 2009-09-22 16:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-22 16:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-22 16:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-22 16:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-22 16:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-22 16:23 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-09-22 19:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-22 19:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-22 19:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-22 19:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-09-22 16:21 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-11 19:32 . 2009-09-22 16:21 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-22 16:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-22 16:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-22 16:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-01-05 20:41 2857984 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-01-05 20:41 2857984 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ledBirdXP"="c:\program files\ledBirdXP\ledBirdXP.exe" [2007-08-11 38912]
"Update Service"="c:\progra~1\COMMON~1\TEKNUM~1\update.exe" [2008-01-06 19456]
"FlashCAD"="c:\program files\FlashCAD\FlashCAD.exe" [2009-01-14 8163328]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-23 3055616]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-18 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"Turbo Gear Enhanced VGA Driver"="c:\program files\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe" [2007-05-31 90112]
"PowerForPhone"="c:\program files\PowerForPhone\PowerForPhone\PowerForPhone.exe" [2006-09-08 778240]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-01-05 49168]
"ASUS C90 Tutorial"="c:\program files\ASUS\ASUS C90 Tutorial\Tutorial.exe" [2007-06-28 823296]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-12 1186904]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-12 1962736]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-12-12 87584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-05-06 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-05-06 1057064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-07 2023704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-23 149280]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-07-03 479232]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-6-19 2528608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-01-05 20:28 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ChkMail"=c:\program files\ChkMail\ChkMail\ChkMail.exe
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" -r
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2855423669-3335437794-2644945195-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C727E539-2E90-4224-8C8F-AB3689CD0E8D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0E9DDBC9-124F-4EA3-B9F4-709AD52AFCF0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{CA376D5F-1738-454E-9BD9-51EF09B55CAA}c:\\program files\\flashcad\\flashcad.exe"= UDP:c:\program files\flashcad\flashcad.exe:FlashCAD
"UDP Query User{755B98F2-0C97-4870-AE3E-454CF013D03A}c:\\program files\\flashcad\\flashcad.exe"= TCP:c:\program files\flashcad\flashcad.exe:FlashCAD
"{8FAF065D-D3D5-4B44-8963-12C82FCBE0BB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{845158D3-DE8D-4C5F-AD7D-1F48AA59CE5B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7AAAA4BD-0A6B-4F5E-A8C0-AB328E284E54}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{7321FC2D-C10E-4C7B-9109-6F48EBD39C01}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BD628D97-D7F7-4E31-BFE8-CAED21A32526}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{092B3144-97BD-4E6D-B461-89A4F074A08A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{BECA287B-2F35-487F-91A2-D4F4EB9BA08C}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{D6981828-FFDD-46BF-9963-848E5BA97741}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{4B26D7FF-822A-46E7-AB02-02EA56D6332B}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{254B7ECD-216B-4595-BBFB-FE15E81C47F9}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{244EF075-7FB2-459B-80EE-73B6BAFE8BA1}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{800CE95F-ACA8-4437-80A0-A831CBECF726}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{73758DE7-83FB-46A3-8525-63CBF45C37E7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{0AC4CB97-4EC2-45D3-B5B5-232A3D0B4F50}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{DFFE5CED-C1F2-4F7E-BD2B-DB2935646B50}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{86949A21-7648-4558-80A9-A307083F7DBC}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1B111F76-D3F8-4C78-AC3B-D3AFA064A7D3}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{8C06AE24-DFDF-4D52-A6D2-88F4B56C3C7D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\System32\drivers\pssnap.sys [20/05/2008 9.32.40 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/03/2009 14.03.04 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [06/03/2009 14.03.15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22/09/2009 18.01.18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/09/2009 18.01.16 297752]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [25/08/2009 12.16.36 220128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [02/02/2008 3.09.55 1153368]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [02/07/2007 13.00.39 127872]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [19/03/2007 8.51.49 47616]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 1.00.00 7168]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [20/04/2008 9.46.01 21504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14.50.28 238960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-08 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-08-27 08:49]

2009-10-08 c:\windows\Tasks\User_Feed_Synchronization-{00DCC489-BD9E-4E5A-8747-EE69C6ED312F}.job
- c:\windows\system32\msfeedssync.exe [2009-09-22 20:13]
.
.
------- Scansione supplementare -------
.
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: E&xport to Microsoft Excel
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
Trusted Zone: live.com\safety
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\ok48ml2c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\OpenOffice.org 3\program\npsoplugin.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-fsm - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 21:29
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Ora fine scansione: 2009-10-08 21.31.34
ComboFix-quarantined-files.txt 2009-10-08 19:31

Pre-Run: 48.324.050.944 byte disponibili
Post-Run: 48.117.202.944 byte disponibili

383 --- E O F --- 2009-10-08 19:01

La situazione si complica, mi sa che è sicuramente un qualche cosa che mi ha infettato, ho fatto come consigliato da r16 ed effettivamente le nuove schede funzionano, ma IE8 non caricava le foto dal mio windows live spaces, allora ho reimpostato il browser con l'apposito comando e tutto è andato a posto, ma ora è il firefox che non mi carica la foto del mio windows live spaces, entrambe le immagini da internete le caricano è solo con le mie che fanno capricci!
Per caso c'è un modo per reimpostare anche firefox?

Strano che qualche cosa sia riuscito ad entrare nel mio pc, ci sto molto attento e non clicco su nulla di sconosciuto, inoltre ho parecchi programmi di protezione, anche se devo dire che tutto è cominciato dopo uno dei purtroppo oramai numerosi errori bluscreen del mio asus c90s (mi si è presentato il problema dei driver della porta a infrarossi non trovati, credo, il bello è che la porta ad infrarossi non esiste su questo notebook) che causano il riavvio automatico, ho aggiornato tutti i driver, ma niente, ho tentato di aggiornare il BIOS ma mi da errore dopo il riavvio (credo sia a causa del grub di ubuntu), ma questa è un'altra lunga storia...

Dopo le 12:00 metto anche il log di malwarebytes, che non ha trovato nulla e anche quello di hijack.

Grazie a tutti, ciao

Prova a disistallare, firefox, e reistallarlo.

Vorrei sapere se conosci questi programmi, e se li usi:
ledBirdXP
FlashCAD

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Turbo Gear Enhanced VGA Driver] "C:\Program Files\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe"
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ASUS C90 Tutorial] "C:\Program Files\ASUS\ASUS C90 Tutorial\Tutorial.exe" -r
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ledBirdXP] C:\Program Files\ledBirdXP\ledBirdXP.exe -autostart
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [FlashCAD] "C:\Program Files\FlashCAD\FlashCAD.exe" -resident
O4 - Global Startup: Bluetooth Manager.lnk = ?
O15 - Trusted Zone: http://safety.live.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.c ab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} -
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_3_0.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

N.B:
Se la voce 023 non si elimina, prova eliminarla in Modalità provvisoria.

Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Salvalo sul desktop.

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di Combofix e (qoobox)

L'eleminazione di quelle voci, serve per "alleggerire" l'avvio.
Nessun programma verrà eliminato.
Mi interessa di più la scansione di Combofix.
E sapere se il problema permane, o no.

Ecco il Log di Combofix

ComboFix 09-10-07.05 - Luca 09/10/2009 15.08.28.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2047.1209 [GMT 2:00]
Eseguito da: c:\users\Luca\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2009-09-09 al 2009-10-09 )))))))))))))))))))))))))))))))))))
.

2009-10-09 13:15 . 2009-10-09 13:15 -------- d-----w- c:\users\Luca\AppData\Local\temp
2009-10-09 13:15 . 2009-10-09 13:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-09 13:15 . 2009-10-09 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-07 18:52 . 2009-10-07 18:52 -------- d-----w- c:\program files\Trend Micro
2009-10-05 14:10 . 2008-09-30 07:17 1048576 ---h--r- C:\C90S.BIN
2009-10-05 10:33 . 2009-10-05 15:21 -------- d-----w- c:\users\Luca\AppData\Roaming\Download Manager
2009-10-05 09:52 . 2009-10-05 09:55 -------- d-----w- c:\programdata\NVIDIA
2009-10-05 09:51 . 2009-10-05 09:51 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-05 09:51 . 2009-10-05 09:51 -------- d-----w- c:\windows\system32\AGEIA
2009-10-05 09:44 . 2009-10-05 09:44 -------- d-----w- c:\programdata\TOSHIBA
2009-10-05 09:36 . 2009-10-05 09:36 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-05 09:03 . 2009-10-05 09:03 -------- d-----w- C:\NVIDIA
2009-10-05 09:01 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-05 09:01 . 2009-10-05 09:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 09:01 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 07:42 . 2009-10-05 07:42 -------- d-----w- c:\program files\ma-config.com
2009-10-05 07:42 . 2009-10-05 07:42 -------- d-----w- c:\programdata\ma-config.com
2009-10-05 07:08 . 2009-10-05 09:28 -------- d-----w- c:\users\Luca\AppData\Roaming\Software Informer
2009-10-05 06:53 . 2009-10-05 06:53 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-03 07:10 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-03 07:06 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-03 07:06 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 07:06 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-03 07:06 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-03 07:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-03 07:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-03 07:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-03 07:06 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-03 07:06 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-30 19:50 . 2009-09-30 19:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-30 19:09 . 2009-10-05 17:06 -------- d-----w- c:\users\Luca\AppData\Roaming\vlc
2009-09-25 10:33 . 2009-09-25 10:54 -------- d-----w- c:\programdata\Ultima_T15
2009-09-23 19:19 . 2009-09-23 19:19 -------- d-----w- c:\users\Luca\AppData\Roaming\InfraRecorder
2009-09-23 19:19 . 2009-09-23 19:19 -------- d-----w- c:\program files\InfraRecorder
2009-09-23 19:10 . 2009-09-23 19:10 -------- d-----w- c:\programdata\eMule
2009-09-23 19:09 . 2009-09-23 19:10 -------- d-----w- c:\users\Luca\AppData\Local\eMule
2009-09-23 19:09 . 2009-09-23 19:09 -------- d-----w- c:\program files\eMule
2009-09-23 18:58 . 2009-09-23 18:58 -------- d-----w- c:\program files\CDBurnerXP
2009-09-23 18:47 . 2009-09-23 18:47 -------- d-----w- c:\programdata\Azureus
2009-09-23 18:47 . 2009-09-23 18:54 -------- d-----w- c:\users\Luca\AppData\Roaming\Azureus
2009-09-23 18:46 . 2009-09-23 18:47 -------- d-----w- c:\program files\Vuze
2009-09-23 18:40 . 2009-09-23 18:40 -------- d-----w- c:\programdata\eMule AdunanzA
2009-09-23 18:38 . 2009-09-23 18:38 -------- d-----w- c:\program files\eMule AdunanzA
2009-09-23 18:38 . 2009-09-23 18:38 -------- d-----w- c:\users\Luca\AppData\Local\eMule AdunanzA
2009-09-23 18:20 . 2009-09-23 18:20 -------- d-----w- c:\program files\JRE
2009-09-22 20:56 . 2009-09-22 20:56 -------- d-----w- c:\program files\Microsoft Research
2009-09-22 20:54 . 2009-09-22 20:54 -------- d-----w- c:\program files\Google
2009-09-22 20:40 . 2009-09-22 20:40 -------- d-----w- c:\program files\uTorrent
2009-09-22 19:56 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-09-22 19:54 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-22 19:54 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-22 19:54 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-22 19:54 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-22 19:54 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-22 19:54 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-22 19:54 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-22 19:54 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-09-22 19:39 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-22 16:33 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-09-22 16:33 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-09-22 16:22 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-22 16:22 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-22 16:20 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-09-22 16:20 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-09-22 16:20 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-09-22 16:20 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-22 16:19 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-22 16:19 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-22 16:19 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 11:05 . 2007-12-25 11:43 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-09 10:29 . 2007-10-24 10:36 -------- d-----w- c:\program files\FlashCAD
2009-10-09 10:28 . 2009-10-05 09:52 31776 ----a-w- c:\programdata\nvModes.dat
2009-10-09 05:41 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-08 05:34 . 2008-12-20 10:04 -------- d-----w- c:\programdata\Spyware Terminator
2009-10-08 05:33 . 2008-12-20 10:04 -------- d-----w- c:\program files\Spyware Terminator
2009-10-08 04:35 . 2008-12-20 10:04 -------- d-----w- c:\users\Luca\AppData\Roaming\Spyware Terminator
2009-10-07 19:16 . 2007-09-26 21:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-07 19:04 . 2008-09-30 17:00 -------- d-----w- c:\programdata\NOS
2009-10-05 16:04 . 2008-08-27 17:18 -------- d-----w- c:\program files\PhotoScape
2009-10-05 14:06 . 2007-09-11 07:31 -------- d-----w- c:\program files\ASUS
2009-10-05 13:57 . 2009-09-25 10:54 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-10-05 10:05 . 2009-09-25 10:33 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-10-05 09:51 . 2007-10-21 00:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-05 09:44 . 2007-10-25 14:19 -------- d-----w- c:\users\Luca\AppData\Roaming\Toshiba
2009-10-05 07:08 . 2008-09-10 17:20 -------- d-----w- c:\program files\Software Informer
2009-10-03 07:24 . 2007-04-18 09:25 677352 ----a-w- c:\windows\system32\perfh010.dat
2009-10-03 07:24 . 2007-04-18 09:25 125404 ----a-w- c:\windows\system32\perfc010.dat
2009-09-30 20:10 . 2009-09-25 17:30 -------- d-----w- c:\users\Luca\AppData\Roaming\Nikon
2009-09-25 17:30 . 2009-09-25 10:35 -------- d-----w- c:\program files\Common Files\Nikon
2009-09-25 11:22 . 2009-09-25 11:22 -------- d-----w- c:\program files\Macrium
2009-09-25 11:21 . 2008-09-10 17:17 -------- d-----w- c:\program files\QuickTime Alternative
2009-09-25 11:20 . 2008-08-01 15:30 -------- d-----w- c:\program files\Real Alternative
2009-09-25 11:19 . 2009-09-25 11:19 -------- d-----w- c:\program files\MPC HomeCinema
2009-09-25 11:14 . 2009-09-25 11:13 -------- d-----w- c:\program files\FrostWire
2009-09-25 11:09 . 2009-09-25 10:39 -------- d-----w- c:\program files\Nikon
2009-09-25 10:54 . 2009-09-25 10:54 -------- d-----w- c:\programdata\Automatic Filter
2009-09-25 10:54 . 2009-09-25 10:33 -------- d-----w- c:\programdata\EnterNHelp
2009-09-25 10:42 . 2009-09-25 10:42 20 ---h--w- c:\programdata\PKP_DLer.DAT
2009-09-25 10:42 . 2009-09-25 10:42 -------- d-----w- c:\programdata\Carbon
2009-09-25 10:39 . 2009-09-25 10:39 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-09-25 10:39 . 2009-09-25 10:39 -------- d-----w- c:\programdata\Nikon
2009-09-25 10:37 . 2009-09-25 10:37 -------- d-----w- c:\program files\ArcSoft
2009-09-25 10:37 . 2007-09-11 07:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 10:33 . 2009-09-25 10:33 -------- d-----w- c:\programdata\Analog Mono
2009-09-23 19:00 . 2007-09-29 01:17 -------- d-----w- c:\program files\Free Download Manager
2009-09-23 18:56 . 2007-09-26 19:05 -------- d-----w- c:\program files\ClamWin
2009-09-23 18:47 . 2007-09-26 17:36 141440 ----a-w- c:\users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-23 18:37 . 2008-10-15 17:24 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-23 18:14 . 2008-12-11 17:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-23 18:14 . 2007-09-27 09:01 -------- d-----w- c:\program files\Java
2009-09-23 18:04 . 2008-12-20 10:04 -------- d-----w- c:\program files\Crawler
2009-09-22 20:50 . 2009-04-03 10:57 -------- d-----w- c:\program files\Opera
2009-09-22 20:42 . 2009-02-06 14:46 -------- d-----w- c:\users\Luca\AppData\Roaming\uTorrent
2009-09-22 20:37 . 2007-10-02 18:16 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-22 20:32 . 2007-09-26 21:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-22 20:28 . 2007-10-22 13:41 -------- d-----w- c:\program files\SpywareBlaster
2009-09-22 20:15 . 2008-05-24 10:27 81984 ----a-w- c:\windows\system32\bdod.bin
2009-09-22 19:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-22 19:29 . 2008-03-01 14:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-22 16:01 . 2009-03-06 12:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-22 16:01 . 2009-03-06 12:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-22 16:01 . 2009-03-06 12:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-22 16:01 . 2009-03-06 12:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-05 12:25 . 2009-09-05 12:25 1183744 ----a-w- c:\windows\system32\drivers\athr.sys
2009-08-25 10:16 . 2009-08-25 10:16 32224 ----a-w- c:\windows\system32\drivers\psmounter.sys
2009-08-21 11:17 . 2007-09-11 07:05 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-19 11:35 . 2009-08-19 11:35 9787488 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-08-19 11:35 . 2009-08-19 11:35 795104 ----a-w- c:\windows\system32\dpinst.exe
2009-08-19 11:35 . 2009-08-19 11:35 678432 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-19 11:35 . 2009-08-19 11:35 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-19 11:35 . 2009-08-19 11:35 4224 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2009-08-19 11:35 . 2009-08-19 11:35 3197952 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-08-19 11:35 . 2009-08-19 11:35 1740800 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-19 11:35 . 2009-08-19 11:35 155648 ----a-w- c:\windows\system32\nvcod163.dll
2009-08-19 11:35 . 2009-08-19 11:35 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-19 11:35 . 2009-08-19 11:35 1317408 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-19 11:35 . 2009-08-19 11:35 10420224 ----a-w- c:\windows\system32\nvoglv32.dll
2009-08-19 11:35 . 2007-04-20 13:31 991744 ----a-w- c:\windows\system32\nvapi.dll
2009-08-19 11:35 . 2007-04-20 13:31 7660544 ----a-w- c:\windows\system32\nvd3dum.dll
2009-08-14 17:07 . 2009-09-22 16:23 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-22 16:23 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16 . 2009-09-22 16:23 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-22 16:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-22 16:23 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-22 16:23 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-22 16:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-22 16:23 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-21 21:52 . 2009-09-22 19:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-09-22 19:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-09-22 19:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-09-22 19:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-09-22 16:21 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-11 19:32 . 2009-09-22 16:21 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:32 . 2009-09-22 16:21 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:32 . 2009-09-22 16:21 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:29 . 2009-09-22 16:21 127488 ----a-w- c:\windows\system32\L2SecHC.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-08_19.29.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-18 08:46 . 2009-10-09 10:30 68828 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-09 10:30 90832 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-10-08 19:13 90832 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-26 17:35 . 2009-10-09 10:30 14746 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2855423669-3335437794-2644945195-1000_UserData.bin
+ 2007-09-26 17:29 . 2009-10-09 10:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-26 17:29 . 2009-10-07 18:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-26 17:29 . 2009-10-09 10:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-26 17:29 . 2009-10-07 18:33 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-26 17:29 . 2009-10-09 10:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-09-26 17:29 . 2009-10-07 18:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-05 09:36 . 2009-10-05 09:36 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-05 09:36 . 2009-10-08 23:11 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-09 11:02 . 2009-10-09 11:02 39424 c:\windows\Installer\1f15b8.msi
+ 2007-10-01 00:57 . 2009-10-09 04:39 3892 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-10-09 10:28 . 2009-10-09 10:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-08 18:53 . 2009-10-08 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-09 10:28 . 2009-10-09 10:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-08 18:53 . 2009-10-08 19:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-24 15:40 . 2009-10-09 04:15 168328 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-10-09 11:05 . 2009-10-09 11:05 326144 c:\windows\Installer\1f15fd.msp
+ 2009-10-09 11:02 . 2009-10-09 11:02 170496 c:\windows\Installer\1f15dc.msp
+ 2009-10-09 11:02 . 2009-10-09 11:02 162304 c:\windows\Installer\1f15d5.msp
+ 2009-10-09 11:02 . 2009-10-09 11:02 217088 c:\windows\Installer\1f15ce.msp
+ 2009-10-09 11:02 . 2009-10-09 11:02 189952 c:\windows\Installer\1f15c7.msp
+ 2009-10-09 11:02 . 2009-10-09 11:02 374784 c:\windows\Installer\1f15c0.msp
+ 2009-10-09 11:05 . 2009-10-09 11:05 9443328 c:\windows\Installer\1f15f6.msp
+ 2009-10-09 11:05 . 2009-10-09 11:05 1393152 c:\windows\Installer\1f15ef.msp
+ 2009-10-09 11:02 . 2009-10-09 11:02 2001920 c:\windows\Installer\1f15e3.msp
+ 2009-10-09 11:04 . 2009-10-09 11:04 30402560 c:\windows\Installer\1f15e9.msp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-01-05 20:41 2857984 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-01-05 20:41 2857984 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-09-23 3055616]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-18 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-12-12 1962736]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-07 2023704]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-19 13793824]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-20 4493312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-01-05 20:28 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ChkMail"=c:\program files\ChkMail\ChkMail\ChkMail.exe
"Turbo Gear"="c:\program files\ASUS\Turbo Gear\TurboGear.exe" -r
"Turbo Gear Help"="c:\program files\ASUS\Turbo Gear\GearHelp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2855423669-3335437794-2644945195-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C727E539-2E90-4224-8C8F-AB3689CD0E8D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0E9DDBC9-124F-4EA3-B9F4-709AD52AFCF0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{CA376D5F-1738-454E-9BD9-51EF09B55CAA}c:\\program files\\flashcad\\flashcad.exe"= UDP:c:\program files\flashcad\flashcad.exe:FlashCAD
"UDP Query User{755B98F2-0C97-4870-AE3E-454CF013D03A}c:\\program files\\flashcad\\flashcad.exe"= TCP:c:\program files\flashcad\flashcad.exe:FlashCAD
"{8FAF065D-D3D5-4B44-8963-12C82FCBE0BB}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{845158D3-DE8D-4C5F-AD7D-1F48AA59CE5B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7AAAA4BD-0A6B-4F5E-A8C0-AB328E284E54}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{7321FC2D-C10E-4C7B-9109-6F48EBD39C01}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{BD628D97-D7F7-4E31-BFE8-CAED21A32526}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{092B3144-97BD-4E6D-B461-89A4F074A08A}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= UDP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{BECA287B-2F35-487F-91A2-D4F4EB9BA08C}c:\\program files\\spyware terminator\\spywareterminatorupdate.exe"= TCP:c:\program files\spyware terminator\spywareterminatorupdate.exe:Crawler Spyware Terminator
"TCP Query User{D6981828-FFDD-46BF-9963-848E5BA97741}c:\\program files\\emule adunanza\\emule_adnza.exe"= UDP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"UDP Query User{4B26D7FF-822A-46E7-AB02-02EA56D6332B}c:\\program files\\emule adunanza\\emule_adnza.exe"= TCP:c:\program files\emule adunanza\emule_adnza.exe:eMule
"TCP Query User{254B7ECD-216B-4595-BBFB-FE15E81C47F9}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{244EF075-7FB2-459B-80EE-73B6BAFE8BA1}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{800CE95F-ACA8-4437-80A0-A831CBECF726}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{73758DE7-83FB-46A3-8525-63CBF45C37E7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{0AC4CB97-4EC2-45D3-B5B5-232A3D0B4F50}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{DFFE5CED-C1F2-4F7E-BD2B-DB2935646B50}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{86949A21-7648-4558-80A9-A307083F7DBC}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{1B111F76-D3F8-4C78-AC3B-D3AFA064A7D3}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{8C06AE24-DFDF-4D52-A6D2-88F4B56C3C7D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\System32\drivers\pssnap.sys [20/05/2008 9.32.40 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [06/03/2009 14.03.04 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [06/03/2009 14.03.15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22/09/2009 18.01.18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/09/2009 18.01.16 297752]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [25/08/2009 12.16.36 220128]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [02/02/2008 3.09.55 1153368]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\System32\drivers\USBGENE.sys [02/07/2007 13.00.39 127872]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [19/03/2007 8.51.49 47616]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [28/05/2009 15.32.24 108032]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [18/08/2005 1.00.00 7168]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [20/04/2008 9.46.01 21504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14.50.28 238960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-08-27 08:49]

2009-10-09 c:\windows\Tasks\User_Feed_Synchronization-{00DCC489-BD9E-4E5A-8747-EE69C6ED312F}.job
- c:\windows\system32\msfeedssync.exe [2009-09-22 20:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.asus.com
mStart Page = hxxp://www.asus.com
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 15:15
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\Luca\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(4896)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Ora fine scansione: 2009-10-09 15.17.50
ComboFix-quarantined-files.txt 2009-10-09 13:17
ComboFix2.txt 2009-10-08 19:31

Pre-Run: 64.349.749.248 byte disponibili
Post-Run: 64.348.790.784 byte disponibili

374 --- E O F --- 2009-10-08 19:01


Grazie.

Ho reinstallato firefox e funziona tutto, non saprei che prove fare oltre ad usarlo, mi sembra normale.
Grazie tante, ciao.