alwarebytes' Anti-Malware 1.44
Versione del database: 3860
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

12/03/2010 18.51.35
mbam-log-2010-03-12 (18-51-35).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 360554
Tempo trascorso: 1 hour(s), 5 minute(s), 57 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

Allora forbes:
Prima di tutto, ti prego di NON aprire vari topic, per lo stesso problema.
Per rispondere, o chiedere aiuto, scrivi sempre in questo topic.
Avevo chiesto un log di HJT.
http://www.aiutamici.com/software?ID=11175
E ti avevo chiesto di eseguirlo come Amministratore.
Puoi postarlo?

clicca sopra l'icona di HJT con il tasto destro del mouse, e fra le varie diciture, scegli quella che dice: Esegui come Amministratore.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.00.34, on 12/03/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=92&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2530241
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=92&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=92&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
R3 - URLSearchHook: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files\Softonic-IT\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files\Softonic-IT\tbSoft.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Softonic-IT Toolbar - {e3393495-8103-46a0-8181-270273eddd60} - C:\Program Files\Softonic-IT\tbSoft.dll
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: &AOL Toolbar Cerca - C:\ProgramData\AOL\ieToolbar\resources\it-IT\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O13 - Gopher Prefix:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Servizio di Google Update (gupdate1ca07bdcd2c591d) (gupdate1ca07bdcd2c591d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

--
End of file - 9016 bytes
forse ce l'ho fatta

ciao r16 non so se ci 6 ancora ma mi è successa una cosa strana. ad un certo punto nn funzionava + niente dopo aver fatto la scansionr con combofix mi dava sempre errore come mai?

ComboFix 10-03-12.02 - vincenzina 12/03/2010 23.35.42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.1800 [GMT 1:00]
Eseguito da: c:\users\vincenzina\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-02-12 al 2010-03-12 )))))))))))))))))))))))))))))))))))
.

2010-03-12 22:39 . 2010-03-12 22:40 -------- d-----w- c:\users\vincenzina\AppData\Local\temp
2010-03-12 22:39 . 2010-03-12 22:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-12 22:39 . 2010-03-12 22:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-12 22:00 . 2010-03-12 22:00 -------- d-----w- c:\program files\Trend Micro
2010-03-12 16:18 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-12 16:18 . 2010-03-12 16:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 16:18 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 12:48 . 2010-03-12 12:48 -------- d-----w- c:\program files\Softonic-IT
2010-03-12 12:48 . 2010-03-12 12:48 -------- d-----w- c:\program files\CCleaner
2010-03-11 21:34 . 2010-03-11 23:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-11 21:34 . 2010-03-11 23:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-11 21:21 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-11 20:22 . 2010-03-11 20:22 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-11 20:22 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-11 20:22 . 2010-03-11 20:22 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-03-11 20:22 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2010-03-11 20:22 . 2010-03-11 20:22 -------- d-----w- c:\programdata\Lavasoft
2010-03-11 20:22 . 2010-03-11 20:22 -------- d-----w- c:\program files\Lavasoft
2010-03-11 18:20 . 2010-03-11 20:05 -------- d-----w- c:\program files\a-squared Free
2010-03-11 17:58 . 2010-03-11 17:58 -------- d-----w- c:\users\vincenzina\AppData\Roaming\Malwarebytes
2010-03-11 17:58 . 2010-03-11 17:58 -------- d-----w- c:\programdata\Malwarebytes
2010-03-11 17:15 . 2010-03-11 17:15 -------- d-----w- c:\users\vincenzina\AppData\Local\Threat Expert
2010-03-11 16:56 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 16:56 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 16:56 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 16:49 . 2010-03-11 17:53 -------- d-----w- c:\program files\Spyware Doctor
2010-02-24 09:33 . 2010-01-23 09:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 09:33 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 09:33 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 09:33 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 09:33 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 09:33 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 09:33 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 09:33 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 09:33 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 09:33 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 22:23 . 2010-03-12 22:23 318976 ----a-w- c:\windows\system32\CF29934.exe
2010-03-12 22:14 . 2009-05-15 16:18 78016 ----a-w- c:\users\vincenzina\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-12 16:27 . 2009-11-18 20:33 -------- d-----w- c:\programdata\Babylon
2010-03-11 17:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 17:00 . 2009-06-11 07:48 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 16:51 . 2009-07-18 15:38 -------- d-----w- c:\program files\Google
2010-03-06 20:55 . 2009-06-14 15:25 -------- d--h--w- c:\program files\FX Uninstall Information
2010-03-06 08:06 . 2009-03-23 11:13 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-24 08:16 . 2010-02-01 09:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-14 10:13 . 2009-06-05 14:49 1762568 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\it\Installers\SetupGamesClient.exe
2010-02-09 13:53 . 2009-03-23 18:44 662608 ----a-w- c:\windows\system32\perfh010.dat
2010-02-09 13:53 . 2009-03-23 18:44 120120 ----a-w- c:\windows\system32\perfc010.dat
2010-02-01 10:11 . 2010-02-01 10:11 -------- d-----w- c:\programdata\Avira
2010-02-01 10:11 . 2010-02-01 10:11 -------- d-----w- c:\program files\Avira
2010-02-01 09:52 . 2009-03-23 11:14 -------- d-----w- c:\programdata\Norton
2010-01-29 13:59 . 2009-06-06 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 09:26 . 2009-10-07 15:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-06 16:22 . 2009-07-18 11:54 576 ----a-w- c:\users\vincenzina\AppData\Roaming\wklnhst.dat
2010-01-02 06:38 . 2010-01-22 13:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 13:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 13:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35 . 2010-02-10 12:23 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 12:23 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 12:23 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 12:23 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 12:23 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 12:23 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 12:23 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 12:23 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 12:23 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 12:23 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-03-23 19:22 . 2009-03-23 19:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-03-12_22.30.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-30 18:32 . 2010-03-12 21:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-30 18:32 . 2010-03-12 16:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-30 18:32 . 2010-03-12 16:25 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-30 18:32 . 2010-03-12 21:38 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 18:32 . 2010-03-12 16:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-30 18:32 . 2010-03-12 21:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-10-01 2166296]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-10-01 16:29 2166296 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-10-01 2166296]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-10-01 2166296]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-18 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-10-22 3721104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^vincenzina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\users\vincenzina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRV_McciTrayApp]
2007-01-23 15:43 1001472 ----a-w- c:\program files\Alice ti aiuta\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2008-12-15 15:15 189736 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2008-11-28 17:04 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-12-04 07:14 75016 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2008-12-01 11:12 966656 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 14:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 09:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2008-07-21 13:30 12288 ----a-w- c:\program files\Hewlett-Packard\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2008-10-03 14:41 203296 ----a-w- c:\windows\System32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2008-11-18 18:35 914224 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 16:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2008-12-15 15:15 1152296 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]
2009-04-22 21:06 206120 ------w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-10-30 10:51 210216 ------w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-13 17:11 210216 ------w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-11-26 18:17 210216 ------w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R2 gupdate1ca07bdcd2c591d;Servizio di Google Update (gupdate1ca07bdcd2c591d);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 133104]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2009-01-06 22896]
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2008-04-09 293376]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/23 12:02];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 17:04 87536]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-01 1858144]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-04-22 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-04-22 116104]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2010-03-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-18 15:38]

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 15:38]

2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 15:38]

2010-02-25 c:\windows\Tasks\HPCeeScheduleForvincenzina.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-23 19:01]

2009-05-16 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-11-05 17:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2530241
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=92&bd=Pavilion&pf=cndt
uSearchURL,(Default) = hxxp://it.search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 23:40
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Ora fine scansione: 2010-03-12 23:41:36
ComboFix-quarantined-files.txt 2010-03-12 22:41
ComboFix2.txt 2010-03-12 22:31

Pre-Run: 383.950.405.632 byte disponibili
Post-Run: 383.924.207.616 byte disponibili

- - End Of File - - 49A83900BF0AA9381786B3F68291AFD6

salve r16 ho eseguito tutte le operazioni che mi hai elencato.Ho eliminato i vari files con HJT, ho dato una pulita con ccleaner ed infine ho eseguito la scansione sul sito che mi hai consigliato, risultato della sca no threats found. Una cosa all'avvio di internet explorer l'homepage di softonic non c'e' + adesso mi compare messenger......(giusto per capire quello che faccio)
cmq a breve ti mando un log con hjt

Ciao.

Scusa, ma non era quello il problema che ti assillava?
Elimina quella icona.
Se all'avvio di internet explorer l'homepage di softonic non c'e' + meglio.
Come pagina iniziale consiglio Google.
Altro consiglio:
Disistalla Ad-Aware (chi ti ha consigliato di installarlo?) e tieni installato Malwarebytes, che è più valido.
Fatte queste operazioni dimmi che problemi riscontri.

E' possibile che qualche programma sia usato per le lingue non occidentali.
Esempio,realtek, samsung e altre sono aziende koreane.
http://www.processlibrary.com/it/directory/files/conime/25519
http://www.processlibrary.com/it/directory/files/conime
A quale credere?
Lasciamolo lì.

buona serata ai miei interlocutori. Ho eseguito i consiglidi r16 oramai come un mentore, cmq quello che mi assilla di + è questo...allora supponiamo che uso opzioni internet e cancello tutta la cronologia ok? Quando riavvio internet explorer non ci dovrebbe essere nulla solo ovviamente la homepage di google; perche invece nelle suddetta cronologia mi ci trovo pure sto clkads.com non so cosa sia e in che genere di sito potrebbe portarmi;
premetto che fino ad ora nn mi è mai apparso nulla.Il mio tarlo è questo, è un dialer? è un trojan? o un hijacker? Ed ancora non c'è la remota possibiliyà che mi arriva a casa una bolletta stratosferica perche magari si collega ad un server di chissà dove? ho consultato alice ti aiuta visto che ho alice casa adsl tutto compreso e loro lo hanno escluso perchè dicono che non si può fare a meno che io non avevo ancora quei modem vecchi a 56k
Certo che normale non è visto cha da 2 gg, anche grazie allìaiuto di r16 sto scannerizzando sto computer fino agli angoli più remoti ma non è risultato nulla di strano.......chi mi dice qualcosa? Grazie in anticipo