un saluto a tutti gli amici, premetto che ho appena formattato(ieri)


Malwarebytes' Anti-Malware 1.41
Versione del database: 3029
Windows 5.1.2600 Service Pack 3

25/10/2009 10.34.11
mbam-log-2009-10-25 (10-34-01).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 135144
Tempo trascorso: 38 minute(s), 25 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Utente\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10.36.50, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Utente\Documenti\x Pulizia x\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256112690609
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 7556 bytes

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing

queste voci non servono, puoi eliminarle, per la scansione col malwarebytes aspetta gli esperti che ti diranno cosa fare.

nessuno può aiutarmi?
r16....

grazie r16 x aver risposto
ho fatto del mio meglio ecco il log


ComboFix 09-10-25.01 - Utente 25/10/2009 23.04.08.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.512.255 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Dati applicazioni\Desktopicon

.
((((((((((((((((((((((((( Files Creati Da 2009-09-25 al 2009-10-25 )))))))))))))))))))))))))))))))))))
.

2009-10-25 18:28 . 2009-10-25 18:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA
2009-10-25 18:02 . 2009-10-25 18:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-10-25 15:37 . 2009-10-25 15:37 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Identities
2009-10-25 08:42 . 2009-10-25 08:42 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Malwarebytes
2009-10-25 08:42 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-25 08:42 . 2009-10-25 08:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-10-25 08:41 . 2009-10-25 08:42 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-10-25 08:41 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 21:42 . 2009-10-24 21:52 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Babylon
2009-10-24 21:41 . 2009-10-24 21:41 -------- d-----w- c:\programmi\Babylon
2009-10-24 21:41 . 2009-10-24 21:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2009-10-24 21:40 . 2009-10-24 21:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Babylon
2009-10-24 17:27 . 2009-10-24 17:27 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Canon
2009-10-24 17:24 . 2009-10-24 17:24 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Scansoft
2009-10-24 17:21 . 1997-10-14 03:19 11776 ----a-w- c:\windows\system32\pmsbfn32.dll
2009-10-24 17:21 . 2009-10-24 17:21 -------- d-----w- c:\programmi\File comuni\NewSoft
2009-10-24 17:20 . 2009-10-24 17:20 -------- d-----w- c:\programmi\File comuni\PDFView
2009-10-24 17:20 . 2009-10-24 17:20 -------- d-----w- c:\windows\system32\Color
2009-10-24 17:20 . 2009-10-24 17:20 -------- d-----w- c:\programmi\NewSoft
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\ScanSoft
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-10-24 17:19 . 2009-10-24 17:19 -------- d-----w- c:\programmi\ScanSoft
2009-10-24 17:17 . 2009-10-24 17:17 -------- d-----w- c:\programmi\ArcSoft
2009-10-24 17:17 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-24 17:16 . 2009-10-24 17:16 -------- d-----w- c:\programmi\File comuni\CANON
2009-10-24 17:15 . 2009-10-24 17:15 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-10-24 17:15 . 2009-10-24 17:15 -------- d--h--w- c:\programmi\CanonBJ
2009-10-24 17:14 . 2009-10-24 17:16 -------- d-----w- c:\programmi\Canon
2009-10-24 16:52 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-24 16:52 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-24 16:43 . 2009-10-24 16:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2009-10-24 16:41 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-24 16:41 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-24 16:40 . 2009-10-24 17:00 -------- d-----w- c:\programmi\EPSON
2009-10-24 15:57 . 2009-10-24 15:57 -------- d-----w- c:\programmi\7-Zip
2009-10-24 15:48 . 2009-10-24 15:48 -------- d-----w- c:\programmi\Unlocker
2009-10-24 10:48 . 2009-10-24 10:48 -------- d-----w- c:\windows\Sun
2009-10-24 10:34 . 2009-10-24 10:34 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\aignes
2009-10-24 10:33 . 2009-10-24 10:33 -------- d-----w- c:\programmi\AM-DeadLink
2009-10-24 10:06 . 2009-10-24 10:06 -------- d-----r- c:\programmi\emule0.49c-Xtreme7.2
2009-10-24 10:01 . 2009-10-24 10:01 -------- d-----w- c:\programmi\RocketDock
2009-10-24 09:53 . 2009-10-24 09:53 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\WinAlarm
2009-10-24 09:50 . 2009-10-24 09:50 -------- d-----w- c:\programmi\WinAlarm
2009-10-24 09:43 . 2009-10-24 09:43 -------- d-----w- c:\programmi\Java
2009-10-24 08:30 . 2009-10-24 08:30 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\URSoft
2009-10-24 08:30 . 2009-10-24 08:32 -------- d-----w- c:\programmi\Your Uninstaller 2008
2009-10-24 07:32 . 2009-10-24 07:36 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-10-21 09:15 . 2009-10-21 09:15 2080536 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-10-21 08:38 . 2009-10-21 08:38 971584 ----a-w- c:\windows\system32\drivers\tdrpm147.sys
2009-10-21 08:38 . 2009-10-21 08:38 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-10-21 08:38 . 2009-10-21 08:38 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-10-21 08:37 . 2009-10-21 08:37 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
2009-10-21 08:37 . 2009-10-21 08:37 -------- d-----w- c:\programmi\Acronis
2009-10-21 08:37 . 2009-10-21 08:37 -------- d-----w- c:\programmi\File comuni\Acronis
2009-10-21 08:28 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerDVDCox
2009-10-21 08:28 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PowerDVDCinema
2009-10-21 08:28 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\CyberLink
2009-10-21 08:17 . 2009-10-24 07:22 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ApplicationHistory
2009-10-21 08:17 . 2009-10-21 08:17 135 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\fusioncache.dat
2009-10-21 07:55 . 2009-10-21 07:56 -------- d-----w- c:\windows\system32\URTTemp
2009-10-21 07:52 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-21 07:52 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-21 07:50 . 2009-08-04 20:56 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-21 07:50 . 2009-08-04 17:26 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-21 07:50 . 2009-08-04 17:26 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-21 07:50 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-21 07:35 . 2009-10-21 08:25 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Adobe
2009-10-21 07:34 . 2009-10-21 07:35 -------- d-----w- c:\programmi\File comuni\Adobe
2009-10-21 06:02 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-21 06:02 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-10-20 17:46 . 2009-10-20 17:46 -------- d-----w- c:\programmi\Microsoft
2009-10-20 17:36 . 2009-10-21 08:28 64168 ----a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-20 17:31 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-20 17:31 . 2009-10-20 17:31 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-10-20 17:29 . 2009-10-20 17:30 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-20 17:29 . 2009-10-20 17:29 -------- d-----w- c:\windows\system32\LogFiles
2009-10-20 17:06 . 2007-07-27 08:41 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-20 17:06 . 2009-10-21 08:02 -------- d--h--w- c:\windows\$hf_mig$
2009-10-20 17:03 . 2009-08-29 07:26 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-20 17:03 . 2009-08-29 07:26 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-20 17:03 . 2009-08-29 07:26 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-20 17:03 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-20 17:03 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-10-20 17:03 . 2009-08-29 07:26 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-20 17:03 . 2009-08-29 07:26 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-20 17:03 . 2009-08-29 07:26 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-10-20 16:56 . 2009-10-21 08:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-10-20 16:56 . 2009-10-20 16:56 -------- d-----w- c:\programmi\File comuni\CyberLink
2009-10-20 16:55 . 2009-10-20 16:56 -------- d-----w- c:\programmi\CyberLink
2009-10-20 16:55 . 2009-10-20 16:54 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-20 16:55 . 2009-10-20 16:54 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-20 16:33 . 2009-10-20 16:33 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-10-20 16:33 . 2009-10-20 16:49 -------- d-----w- c:\programmi\Google
2009-10-20 16:30 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-10-20 16:30 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-20 16:30 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-20 16:30 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-10-20 16:30 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-20 16:30 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-10-20 16:30 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-10-20 16:30 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-20 16:30 . 2009-10-20 16:54 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-20 16:30 . 2009-10-20 16:32 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-10-20 16:24 . 2009-10-24 09:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-20 16:15 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-20 16:12 . 2009-10-20 16:12 -------- d-----w- c:\programmi\Microsoft.NET
2009-10-20 16:11 . 2009-10-20 16:21 -------- d-----w- c:\programmi\Microsoft Works
2009-10-20 16:11 . 2009-10-20 16:12 -------- d-----w- c:\windows\SHELLNEW
2009-10-20 16:09 . 2009-10-20 16:09 -------- d-----r- C:\MSOCache
2009-10-20 16:00 . 2009-10-20 16:00 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Ahead
2009-10-20 15:57 . 2009-10-20 15:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Nero
2009-10-20 15:53 . 2009-10-20 15:55 -------- d-----w- c:\programmi\File comuni\Nero
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2009-10-20 15:53 . 2009-10-20 15:53 -------- d-----w- c:\programmi\Nero
2009-10-20 15:40 . 2009-10-20 15:40 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-20 15:38 . 2009-10-20 15:51 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-20 15:38 . 2009-10-20 15:51 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-20 15:37 . 2009-10-25 22:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-10-20 15:37 . 2009-10-20 15:37 -------- d-----w- c:\programmi\Kaspersky Lab
2009-10-20 15:35 . 2009-10-20 15:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-10-20 15:35 . 2009-10-20 15:35 -------- d-----w- c:\programmi\CCleaner
2009-10-20 15:34 . 2009-10-20 15:35 -------- d-----w- c:\programmi\Windows Commander
2009-10-20 15:34 . 2002-08-28 03:10 545 ----a-w- c:\windows\UC.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 17:44 . 2009-10-20 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-10-25 15:34 . 2009-10-20 16:38 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-25 08:13 . 2008-04-14 12:00 64156 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 08:13 . 2008-04-14 12:00 428288 ----a-w- c:\windows\system32\perfh010.dat
2009-10-24 17:20 . 2009-10-20 09:52 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-10-24 17:19 . 2009-10-20 09:51 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-10-20 16:45 . 2009-10-20 16:38 -------- d-----w- c:\programmi\SpywareBlaster
2009-10-20 09:51 . 2009-10-20 09:51 -------- d-----w- c:\programmi\sisagp
2009-10-20 09:14 . 2009-10-20 09:14 -------- d-----w- c:\programmi\microsoft frontpage
2009-10-20 09:13 . 2009-10-20 09:13 -------- d-----w- c:\programmi\Servizi in linea
2009-10-20 09:11 . 2009-10-20 09:11 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-11 14:17 . 2008-04-14 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2008-04-14 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-06 17:24 . 2009-10-20 09:12 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 17:24 . 2009-10-20 09:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 17:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 17:24 . 2009-10-20 09:12 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 17:24 . 2008-04-14 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 17:23 . 2009-10-20 09:12 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 17:23 . 2009-10-20 09:12 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 17:23 . 2009-10-20 09:12 209624 ----a-w- c:\windows\system32\wuweb.dll
2009-08-05 08:59 . 2008-04-14 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:26 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2008-04-13 18:55 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:34 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:34 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"TrueImageMonitor.exe"="c:\programmi\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4371440]
"AcronisTimounterMonitor"="c:\programmi\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 961208]
"Acronis Scheduler2 Service"="c:\programmi\File comuni\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"WinAlarm"="c:\programmi\WinAlarm\WinAlarm.exe" [2007-12-26 353280]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\emule0.49c-Xtreme7.2\\emule.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [15/12/2008 19.41.32 33808]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [21/10/2009 9.37.55 134272]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [21/10/2009 9.38.13 971584]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/20 18:56];c:\programmi\CyberLink\PowerDVD9\000.fcl [28/02/2009 18.40.18 87536]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13/05/2009 16.46.52 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [16/05/2009 19.59.44 19472]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://virgilio.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-25 23:12
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD9\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(828)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Acronis\Schedule2\schedul2.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\combofix\CF2459.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Ora fine scansione: 2009-10-25 23.27.21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-10-25 22:18

Pre-Run: 57.496.150.016 byte disponibili
Post-Run: 57.488.384.000 byte disponibili

- - End Of File - - BCEA438D765C480F420124FD97659002

si i file li ho eliminati prima di avviare combofix
r16 di problemi non ne avevo, a parte il pc che ruminava un pò troppo
non so come lo hanno formattato questa volta
ripreso il pc ho rimesso i vari prog (tutti presi da aiutamici) e l'ultimo è stato proprio Malwarebytes che per curiosità ho voluto provare
tutto qui
combofix ha fatto il suo lavoro?
come devo procedere adesso?
ciao e grazie

fatto tutto

fatto scansione con malwarebytes: 0 rilevati

del log HijackThis che mi dici?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.03.46, on 26/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\Programmi\WinAlarm\WinAlarm.exe
C:\Programmi\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Utente\Documenti\x Pulizia x\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programmi\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programmi\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [WinAlarm] C:\Programmi\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [avp] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256112690609
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 6859 bytes


posso disinstallare Combofix?
ciao

ciao r16 ti ringrazio x l'aiuto che mi hai dato

la cartella di combofix e qoobox in C/ non l'ho trovata usando il "cerca" non trova niente, va bene lo stesso?

che hai visto in kaspersky che non va?

ok ti ringrazio infinitamente
appena posso contatto l'amico Enigmistica63

ciaooo