Sistema Operativo XP da una settimana circa quando navigo con IE mi si aprono altre finestre con siti che nn conosco, ho fatto pulizia con antivirus, spybot e cleaner ma ho voluto analizzare il sistema anche con Hijack, ecco il risultato: (grazie naturalmente)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.49.21, on 31/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\File comuni\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\ASUSTeK\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PrintAndFax.lnk = C:\Programmi\Fastweb\PrintAndFax\FaxMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245759512781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Servizio di Google Update (gupdate1c9f6473fde2eaa) (gupdate1c9f6473fde2eaa) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7900 bytes

Fai queste 2 scansioni:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

------------------------------------------------------------------------------------------------------
COMBOFIX
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

Grazie, provo e vi faccio sapere.

Ecco il LOG di Combofix:

ComboFix 09-07-31.04 - Laura 01/08/2009 13.18.43.1.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2039.1499 [GMT 2:00]
Eseguito da: c:\documents and settings\Laura\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-747441550-89667117-2375523179-1001
c:\windows\system32\2
c:\windows\system32\2\BiMMonNT.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-07-01 al 2009-08-01 )))))))))))))))))))))))))))))))))))
.

2009-07-31 14:49 . 2009-07-31 14:49 -------- d-----w- c:\programmi\Trend Micro
2009-07-31 14:11 . 2009-07-31 14:11 -------- d-----w- c:\programmi\CCleaner
2009-07-31 14:03 . 2009-07-31 14:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-31 14:03 . 2009-07-31 14:07 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-29 06:53 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 06:53 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-25 15:23 . 2009-07-25 15:23 -------- d-----w- c:\documents and settings\Laura\Impostazioni locali\Dati applicazioni\ESET
2009-07-18 06:02 . 2009-07-18 06:02 -------- d-----w- c:\documents and settings\Laura\Impostazioni locali\Dati applicazioni\Temp
2009-07-12 12:49 . 2009-07-12 12:49 -------- d-----w- c:\documents and settings\Laura\Impostazioni locali\Dati applicazioni\Internet Saving Optimizer
2009-07-12 12:49 . 2009-07-15 13:50 -------- d-----w- c:\documents and settings\Laura\Impostazioni locali\Dati applicazioni\Media Access Startup
2009-07-12 12:48 . 2009-07-12 12:48 -------- d-----w- c:\documents and settings\Laura\Impostazioni locali\Dati applicazioni\DoubleD
2009-07-05 17:00 . 2008-04-13 17:13 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-01 09:58 . 2009-06-19 14:08 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-01 09:58 . 2009-06-19 14:08 3775176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-31 15:33 . 2009-06-24 15:04 -------- d-----w- c:\programmi\Zylom Games
2009-07-28 14:21 . 2009-06-23 11:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2009-07-13 11:36 . 2009-06-19 14:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-06-19 14:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 17:00 . 2009-07-05 17:00 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-05 17:00 . 2009-07-05 17:00 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-03 16:55 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 05:01 . 2009-06-25 12:57 -------- d-----w- c:\programmi\Java
2009-06-30 05:01 . 2009-06-30 05:01 152576 ----a-w- c:\documents and settings\Laura\Dati applicazioni\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-27 16:25 . 2009-06-27 16:25 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-06-27 16:25 . 2009-06-27 16:25 -------- d-----w- c:\programmi\MSXML 4.0
2009-06-26 14:59 . 2008-04-14 12:00 48790 ----a-w- c:\windows\system32\perfc010.dat
2009-06-26 14:59 . 2008-04-14 12:00 348238 ----a-w- c:\windows\system32\perfh010.dat
2009-06-26 12:57 . 2009-06-26 13:00 737280 ----a-w- c:\windows\iun6002.exe
2009-06-26 12:57 . 2009-06-26 12:57 -------- d-----w- c:\programmi\Fastweb
2009-06-26 12:43 . 2009-06-26 12:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\InstallShield
2009-06-26 12:43 . 2009-06-26 12:43 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\ScanSoft
2009-06-26 12:43 . 2009-06-26 12:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ScanSoft
2009-06-26 12:43 . 2009-06-26 12:43 -------- d-----w- c:\programmi\File comuni\ScanSoft Shared
2009-06-26 12:43 . 2009-06-19 12:45 -------- d-----w- c:\programmi\File comuni\InstallShield
2009-06-26 12:42 . 2009-06-26 12:42 -------- d-----w- c:\programmi\ScanSoft
2009-06-26 12:39 . 2009-06-26 12:33 -------- d-----w- c:\programmi\Canon
2009-06-26 12:37 . 2009-06-26 12:37 -------- d-----w- c:\programmi\File comuni\CANON
2009-06-26 12:34 . 2009-06-26 12:34 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\CanonBJ
2009-06-26 12:34 . 2009-06-26 12:34 -------- d--h--w- c:\programmi\CanonBJ
2009-06-26 11:42 . 2009-06-26 11:42 50616 ----a-w- c:\documents and settings\Laura\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-06-26 10:35 . 2009-06-26 10:17 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\Ashtons Family Resort
2009-06-26 10:17 . 2009-06-26 10:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ashtons Family Resort
2009-06-26 10:17 . 2009-06-24 15:04 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\Zylom
2009-06-26 10:17 . 2009-06-24 15:04 -------- d-----w- c:\programmi\Google
2009-06-25 12:57 . 2009-06-25 12:57 152576 ----a-w- c:\documents and settings\Laura\Dati applicazioni\Sun\Java\jre1.6.0_12\lzma.dll
2009-06-24 15:04 . 2009-06-24 15:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HipSoft
2009-06-24 15:04 . 2009-06-24 15:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Zylom
2009-06-23 18:26 . 2009-06-23 18:26 33061 ----a-w- c:\windows\king-uninstall.exe
2009-06-23 16:25 . 2009-06-23 16:25 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\TeamViewer
2009-06-23 12:57 . 2009-06-23 12:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2009-06-23 12:39 . 2009-06-23 11:54 -------- d-----w- c:\programmi\Microsoft Works
2009-06-23 11:23 . 2009-06-23 11:13 -------- d-----w- c:\programmi\Logitech
2009-06-23 11:22 . 2009-06-23 11:22 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\Logitech
2009-06-23 11:17 . 2009-06-23 11:17 10134 ----a-r- c:\documents and settings\Laura\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2009-06-23 11:17 . 2009-06-23 11:17 -------- d-----w- c:\programmi\File comuni\LogiShared
2009-06-23 11:17 . 2009-06-19 12:45 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-23 11:14 . 2009-06-23 11:14 10134 ----a-r- c:\documents and settings\Laura\Dati applicazioni\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-06-23 11:13 . 2009-06-23 11:13 -------- d-----w- c:\programmi\File comuni\Logitech
2009-06-23 11:13 . 2009-06-23 11:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Logitech
2009-06-23 11:13 . 2009-06-23 11:13 10134 ----a-r- c:\documents and settings\Laura\Dati applicazioni\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
2009-06-23 11:13 . 2009-06-23 11:13 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\InstallShield
2009-06-23 11:10 . 2009-06-23 11:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-06-22 07:18 . 2009-06-19 12:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-19 14:53 . 2009-06-19 14:53 -------- d-----w- c:\programmi\Eidos
2009-06-19 14:24 . 2009-06-19 14:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2009-06-19 14:24 . 2009-06-19 14:24 -------- d-----w- c:\programmi\CyberLink
2009-06-19 14:23 . 2009-06-19 14:23 -------- d-----w- c:\programmi\ASUSTeK
2009-06-19 14:22 . 2009-06-19 14:21 -------- d-----w- c:\programmi\Ahead
2009-06-19 14:21 . 2009-06-19 14:21 -------- d-----w- c:\programmi\File comuni\Ahead
2009-06-19 14:21 . 2009-06-19 14:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ahead
2009-06-19 14:17 . 2009-06-19 14:17 -------- d-----w- c:\programmi\MSECache
2009-06-19 14:16 . 2009-06-19 14:16 -------- d-----w- c:\programmi\Microsoft.NET
2009-06-19 14:08 . 2009-06-19 14:08 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\Malwarebytes
2009-06-19 14:08 . 2009-06-19 14:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-19 14:07 . 2009-06-19 14:07 -------- d-----w- c:\documents and settings\Laura\Dati applicazioni\gtopala
2009-06-19 14:04 . 2009-06-19 14:04 -------- d-----w- c:\programmi\File comuni\Adobe
2009-06-19 13:55 . 2009-06-19 13:55 -------- d-----w- c:\programmi\ESET
2009-06-19 13:55 . 2009-06-19 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-06-19 13:28 . 2009-06-19 13:28 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-06-19 12:50 . 2009-06-19 12:50 -------- d-----w- c:\programmi\AGEIA Technologies
2009-06-19 12:50 . 2009-06-19 12:50 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-06-19 12:46 . 2009-06-19 12:45 -------- d-----w- c:\programmi\Realtek
2009-06-19 12:43 . 2009-06-19 12:43 -------- d-----w- c:\programmi\Intel
2009-06-19 12:39 . 2009-06-19 12:39 -------- d-----w- c:\programmi\microsoft frontpage
2009-06-19 12:38 . 2009-06-19 12:38 -------- d-----w- c:\programmi\Servizi in linea
2009-06-19 12:37 . 2009-06-19 12:37 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-04 11:37 . 2009-06-04 11:37 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-04 11:37 . 2009-06-04 11:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-06-03 19:09 . 2008-04-14 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-08 23:14 . 2009-05-08 23:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-08 23:14 . 2009-05-08 23:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2008-04-14 12:00 347648 ----a-w- c:\windows\system32\localspl.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-24 39408]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-10-21 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programmi\ASUSTeK\ASUSDVD\PDVDServ.exe" [2003-10-31 32768]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\programmi\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Laura\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2009-6-23 692224]
PrintAndFax.lnk - c:\programmi\Fastweb\PrintAndFax\FaxMonitor.exe [2005-11-3 970856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 8.50.14 34312]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [08/10/2008 8.47.58 468224]
S2 gupdate1c9f6473fde2eaa;Servizio di Google Update (gupdate1c9f6473fde2eaa);c:\programmi\Google\Update\GoogleUpdate.exe [26/06/2009 12.17.02 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [19/06/2009 14.45.09 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-26 10:17]

2009-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-06-26 10:17]

2009-07-31 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-01 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=home
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-01 13:20
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"01400E0900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2009-08-01 13.21.09
ComboFix-quarantined-files.txt 2009-08-01 11:21

Pre-Run: 190.725.660.672 byte disponibili
Post-Run: 190.976.147.456 byte disponibili

195 --- E O F --- 2009-07-29 17:19

Ciao. Prima di tutto grazie della prontezza con cui mi aiuti. :) Per rispondere alla tua domanda: no da quando ho usato combofix non ho più avuto problemi...devo cmq disinstallarlo? Invece alla tua seconda domanda: sì. Cioè me l'ha installato il tecnico a cui mi rivolgo quando neanche con il vostro aiuto riesco a risolvere, se ho capito bene serve a far sì che lui veda il mio pc come se fossi io senza doverglielo portare, giusto? Grazie ancora per la tua gentilezza.

Carissimo r16, hai reagione credevo di aver aggiornato Malwarebytes ma evidentemente no visto che ha trovato altri 17 elementi, ho fatto anche tutta la pulizia che mi hai detto riguardo Combofix e il contenuto della cartella Prefetch (a proposito che roba è?), in più Hijackthis ha trovato una caterva di ADS....non posso domandarti anche questi che sono eh? Il PC sta buono, buono e non apre più niente per conto suo. Ti ringrazio ancora e ti auguro una buona estate.