ComboFix report
edit: after restarting the computer the warning is no longer there; I think and hope the problem has been solved.
Thanks for the help.
ComboFix 10-04-06.05 - Administrator 07/04/2010 23.19.16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1147 [GMT 2:00]
Eseguito da: d:\documents and settings\Administrator\Documenti\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\khq
d:\docume~1\ADMINI~1\IMPOST~1\Temp\install_flash_player.exe
D:\khq
d:\recycler\S-1-5-21-448539723-113007714-839522115-500
D:\Thumbs.db
d:\windows\system32\msconfig.exe
d:\windows\ufdata2000.log
E:\khq
.
((((((((((((((((((((((((( Files Creati Da 2010-03-07 al 2010-04-07 )))))))))))))))))))))))))))))))))))
.
2010-04-07 20:55 . 2010-04-07 21:09 -------- d-----w- D:\32788R22FWJFW
2010-04-07 18:27 . 2010-04-07 18:27 -------- d-----w- d:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2010-04-07 18:27 . 2010-03-29 22:46 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-07 18:27 . 2010-04-07 18:27 -------- d-----w- d:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-07 18:27 . 2010-03-29 22:45 20824 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-07 18:27 . 2010-04-07 20:34 -------- d-----w- d:\programmi\Malwarebytes' Anti-Malware
2010-04-07 16:29 . 2010-04-07 16:29 -------- d-----w- d:\programmi\Trend Micro
2010-04-02 20:23 . 2010-04-02 20:23 1685784 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-04-02 20:23 . 2010-04-02 20:23 1035032 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2010-03-16 14:33 . 2010-03-16 14:33 360584 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtdix.sys
2010-03-16 14:32 . 2010-03-16 14:32 333192 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgldx86.sys
2010-03-16 14:32 . 2010-03-16 14:32 28424 ----a-w- d:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmfx86.sys
2010-03-16 14:32 . 2010-03-16 14:32 12464 ----a-w- d:\windows\system32\avgrsstx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 21:48 . 2010-02-16 21:36 30107680 --sha-w- d:\windows\system32\drivers\fidbox.dat
2010-04-07 20:42 . 2009-11-13 23:38 -------- d-----w- d:\programmi\eMule
2010-04-07 19:56 . 2009-12-26 22:41 -------- d-----w- d:\programmi\Ask.com
2010-04-07 17:04 . 2010-04-07 17:05 1502208 ----a-w- d:\windows\Internet Logs\xDB7.tmp
2010-04-07 17:04 . 2010-04-07 17:05 2650112 ----a-w- d:\windows\Internet Logs\xDB6.tmp
2010-04-07 06:05 . 2010-02-16 21:36 347300 --sha-w- d:\windows\system32\drivers\fidbox.idx
2010-04-06 23:41 . 2009-12-26 22:30 -------- d-----w- d:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-04-02 22:52 . 2010-04-03 13:07 2993152 ----a-w- d:\windows\Internet Logs\xDB5.tmp
2010-03-28 10:36 . 2002-09-25 22:10 47592 ----a-w- d:\windows\system32\perfc010.dat
2010-03-28 10:36 . 2002-09-25 22:10 345010 ----a-w- d:\windows\system32\perfh010.dat
2010-03-16 14:32 . 2009-11-12 15:36 242696 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-03-16 14:32 . 2009-11-12 15:36 29512 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-03-16 14:31 . 2009-11-12 15:36 216200 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-03-14 16:46 . 2010-03-14 16:47 1444864 ----a-w- d:\windows\Internet Logs\xDB4.tmp
2010-03-14 16:46 . 2010-03-14 16:47 2883584 ----a-w- d:\windows\Internet Logs\xDB3.tmp
2010-03-07 14:53 . 2010-03-07 14:54 3033088 ----a-w- d:\windows\Internet Logs\xDB1.tmp
2010-03-07 14:53 . 2010-03-07 14:54 1420800 ----a-w- d:\windows\Internet Logs\xDB2.tmp
2010-03-07 12:01 . 2009-12-26 22:40 -------- d-----w- d:\programmi\uTorrent
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\programmi\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Google Update"="d:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-11-06 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"AdobeCS4ServiceManager"="d:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="d:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IW ControlCenter"="d:\programmi\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 836096]
"VOBID"="d:\programmi\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe" [2003-03-31 147968]
"PinnacleDriverCheck"="d:\windows\system32\PSDrvCheck.exe" [2003-05-05 393728]
"TkBellExe"="d:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-11-14 198160]
"ZoneAlarm Client"="d:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"ThreatFire"="d:\programmi\ThreatFire\TFTray.exe" [2010-01-14 378128]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 14:32 12464 ----a-w- d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Programmi\\Messenger\\msmsgs.exe"=
"d:\\Programmi\\uTorrent\\uTorrent.exe"=
"d:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"d:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 TfFsMon;TfFsMon;d:\windows\system32\drivers\TfFsMon.sys [03/03/2010 22.21.54 51984]
R0 TfSysMon;TfSysMon;d:\windows\system32\drivers\TfSysMon.sys [03/03/2010 22.21.54 59664]
R0 VOBID;VOBID;d:\windows\system32\drivers\vobid.sys [07/05/2003 18.36.24 26679]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [12/11/2009 17.36.43 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [12/11/2009 17.36.48 242696]
R1 vobcom;vobcom;d:\windows\system32\drivers\vobcom.sys [04/10/2001 13.53.16 9728]
R1 vobiw;vobiw;d:\windows\system32\drivers\vobIW.sys [27/05/2003 14.12.28 187392]
R2 avg9wd;AVG Free WatchDog;d:\programmi\AVG\AVG9\avgwdsvc.exe [16/03/2010 16.32.12 308064]
R2 ThreatFire;ThreatFire;d:\programmi\ThreatFire\TFService.exe service --> d:\programmi\ThreatFire\TFService.exe service [?]
R3 cdrdrv;Cdrdrv;d:\windows\system32\drivers\Cdrdrv.sys [13/12/2002 20.33.52 64000]
R3 TfNetMon;TfNetMon;d:\windows\system32\drivers\TfNetMon.sys [03/03/2010 22.21.54 33552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-07 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-602609370-725345543-500Core.job
- d:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-06 11:34]
2010-04-07 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-602609370-725345543-500UA.job
- d:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-11-06 11:34]
2010-04-07 d:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\programmi\Ask.com\UpdateTask.exe [2009-09-02 13:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.html.it/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - d:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\ca9jq0p3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://s99.ikariam.it/index.php?view=militaryAdvisorMilitaryMovements&oldView=tradeAdvisor|http://www.rai.tv/dl/RaiTV/diretta.html?cid=PublishingBlock-1dc5af18-ecc2-497f-be49-8e2989cbcc2a&channel=RaiSat%20Cinema|http://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_it&p=
FF - component: d:\programmi\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: d:\programmi\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: d:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
---- FIREFOX POLICIES ----
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-msnmsgr - d:\programmi\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-07 23:47
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(772)
d:\programmi\ThreatFire\TFWAH.dll
d:\programmi\ThreatFire\TFNI.dll
d:\programmi\ThreatFire\TFMon.dll
d:\programmi\ThreatFire\TFRK.dll
- - - - - - - > 'lsass.exe'(852)
d:\programmi\ThreatFire\TFWAH.dll
.
Ora fine scansione: 2010-04-07 23:58:31
ComboFix-quarantined-files.txt 2010-04-07 21:58
Pre-Run: 119.802.806.272 byte disponibili
Post-Run: 124.362.653.696 byte disponibili
- - End Of File - - 77909E5C44CF40077ADF4B8A2FB7D547