Aiutamici Forum

Trojan in my PC!
forgotten93
Posted: Sunday, August 09, 2009 7:17:08 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
But what do I do now? Have the trojans really been removed?
r16
Posted: Sunday, August 09, 2009 11:09:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi forgotten93.
No, the PC must still have some infections.
Now, pay very close attention to the scan I am going to tell you to run.
Don't mess around with this software; follow my instructions TO THE LETTER:

1) download Combofix to the DESKTOP:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2) Once it has been downloaded to the desktop:
Disconnect from the internet

3) Disable Avira:
On the icon at the bottom, on the taskbar, there is the umbrella symbol;
right-click it and then click "activate avira antivir".
It disappears when it is not ticked, and the umbrella closes.

4) Double-click the Combofix icon you have on the desktop.
The program will start

5) The desktop icons will disappear and you will be asked whether you want to install the EMERGENCY RECOVERY CONSOLE; click NO.
The antivirus will probably send you messages; ignore them.
During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end a log file will be created on the Desktop, called C:\ComboFix.txt. Post it here.

All clear?



forgotten93
Posted: Tuesday, August 11, 2009 11:11:17 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Sorry for only writing now, but I haven't been around... I'll do everything you wrote (hopefully it goes well) and post the log!! Thanks again!
forgotten93
Posted: Wednesday, August 12, 2009 9:48:59 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Hi R16, here is the combofix log.... let me know if there is anything, because I didn't understand a thing!!




ComboFix 09-08-10.06 - Mario 12/08/2009 9.17.38.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.282 [GMT 2:00]
Eseguito da: c:\documents and settings\Mario\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Avvio\Programmi\Windows Live Messenger .lnk
c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\gkckw.dat
c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\gkckw_nav.dat
c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\gkckw_navps.dat


.
((((((((((((((((((((((((( Files Creati Da 2009-07-12 al 2009-08-12 )))))))))))))))))))))))))))))))))))
.

2009-08-10 10:29 . 2009-08-10 10:29 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Media Player Classic
2009-08-09 20:09 . 2009-08-09 20:10 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-08-09 20:00 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-09 20:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-09 20:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-09 20:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-09 20:00 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-08-09 20:00 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-08-09 20:00 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-09 20:00 . 2009-08-09 20:01 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-08-09 14:14 . 2009-08-09 14:14 152576 ----a-w- c:\documents and settings\Mario\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 13:21 . 2009-08-09 13:21 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Malwarebytes
2009-08-09 13:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 13:21 . 2009-08-09 13:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-09 13:21 . 2009-08-09 13:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-09 13:21 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 10:32 . 2009-08-05 17:29 3036024 ----a-w- c:\documents and settings\Mario\Dati applicazioni\Simply Super Software\Trojan Remover\wuw2.exe
2009-08-08 22:08 . 2009-08-08 22:08 -------- d-----w- c:\programmi\Trend Micro
2009-08-08 12:43 . 2009-08-08 12:43 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\proDAD
2009-08-08 12:42 . 2009-08-08 12:42 -------- d-----w- c:\programmi\proDAD
2009-08-08 12:42 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2009-08-08 12:42 . 2009-08-08 12:42 -------- d-----w- c:\programmi\LooksBuilderSE
2009-08-08 12:41 . 2003-07-01 14:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2009-08-08 12:41 . 2003-07-01 14:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2009-08-08 12:41 . 2003-06-26 08:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2009-08-08 12:41 . 2003-01-20 07:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2009-08-08 12:40 . 2009-08-10 12:26 -------- d-----w- c:\programmi\Boris FX, Inc
2009-08-08 12:37 . 2009-08-08 12:37 29926 ----a-r- c:\documents and settings\Mario\Dati applicazioni\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-08-08 12:36 . 2005-09-23 21:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-08-08 12:36 . 2009-08-08 12:36 -------- d-----w- c:\programmi\File comuni\Pinnacle
2009-08-08 12:36 . 2009-08-08 12:36 -------- d-----w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-08-08 12:36 . 2009-08-08 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2009-08-08 12:24 . 2009-08-08 12:24 -------- d-----w- c:\programmi\File comuni\Yahoo!
2009-08-08 12:24 . 2009-08-08 12:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Studio 12
2009-08-08 12:24 . 2009-08-08 12:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Plus
2009-08-03 20:59 . 2009-08-05 20:50 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-03 20:53 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-03 20:53 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-03 20:53 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-03 20:53 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-03 20:53 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-03 20:53 . 2009-08-09 07:29 -------- d-----w- c:\programmi\Trojan Remover
2009-08-03 20:53 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Simply Super Software
2009-08-03 20:53 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2009-08-03 10:25 . 2009-08-02 21:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-02 21:22 . 2009-08-02 21:22 2353480 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-08-02 21:22 . 2009-08-02 21:22 629072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-08-02 21:22 . 2009-08-02 21:22 520024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-08-02 21:22 . 2009-08-02 21:22 1029456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-08-02 21:14 . 2009-08-02 21:14 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-02 21:14 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-02 21:14 . 2009-08-02 21:14 -------- d-----w- c:\programmi\Lavasoft
2009-08-02 18:11 . 2009-08-02 18:11 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Publish Providers
2009-08-02 16:08 . 2009-08-02 18:09 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Sony
2009-08-02 16:08 . 2009-08-02 16:08 -------- d-----w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Sony
2009-08-02 16:03 . 2009-08-02 16:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony
2009-08-02 16:02 . 2009-08-02 16:02 -------- d-----w- c:\programmi\Sony
2009-08-02 15:56 . 2009-08-02 15:56 -------- d-----w- c:\programmi\MSBuild
2009-08-02 15:56 . 2009-08-05 11:13 210752 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-08-02 15:51 . 2009-08-02 15:51 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-02 15:49 . 2009-08-02 15:49 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-02 15:48 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-02 14:27 . 2009-08-02 14:58 52770576 ----a-w- c:\documents and settings\Mario\Dati applicazioni\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-08-02 14:27 . 2009-08-02 14:27 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Sony Setup
2009-08-02 12:15 . 2009-08-02 12:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-07-27 08:03 . 2009-08-10 16:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-27 07:54 . 2009-07-27 07:54 -------- d-----w- c:\programmi\Alien Skin
2009-07-27 07:51 . 2009-07-27 07:51 -------- d-----w- c:\documents and settings\Mario\Library
2009-07-27 07:51 . 2009-07-27 07:51 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\com.adobe.ExMan
2009-07-26 21:06 . 2009-08-09 20:28 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-07-26 21:01 . 2009-07-26 21:04 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-26 21:01 . 2009-07-26 21:01 -------- d-----w- c:\windows\system32\LogFiles
2009-07-26 17:08 . 2009-07-26 17:09 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Topaz Moment
2009-07-26 16:44 . 2009-07-29 08:25 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Alien Skin
2009-07-26 16:20 . 2009-07-26 16:20 -------- d-----w- c:\programmi\Adobe Media Player
2009-07-26 16:15 . 2009-07-26 16:15 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-07-26 16:06 . 2009-07-26 16:06 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-07-25 12:51 . 2008-05-19 11:13 57344 ----a-w- c:\windows\system32\ASTSRV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 12:35 . 2008-03-17 18:34 -------- d-----w- c:\programmi\Nokia
2009-08-11 12:30 . 2008-03-11 19:42 -------- d-----w- c:\programmi\DivX
2009-08-10 11:11 . 2008-03-15 21:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-10 07:54 . 2008-03-10 08:14 109704 ----a-w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-09 14:15 . 2009-05-10 07:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-09 14:15 . 2008-03-15 19:16 -------- d-----w- c:\programmi\Java
2009-08-09 11:03 . 2004-08-19 12:00 80886 ----a-w- c:\windows\system32\perfc010.dat
2009-08-09 11:03 . 2004-08-19 12:00 482596 ----a-w- c:\windows\system32\perfh010.dat
2009-08-08 20:58 . 2008-10-18 09:46 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Azureus
2009-08-08 12:40 . 2002-04-09 07:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-08 12:39 . 2008-03-11 19:40 -------- d-----w- c:\programmi\Pinnacle
2009-08-08 12:24 . 2008-03-10 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-08-02 12:52 . 2008-10-18 09:44 -------- d-----w- c:\programmi\Vuze
2009-08-02 12:20 . 2008-08-22 21:03 -------- d-----w- c:\programmi\Google
2009-07-31 07:53 . 2009-02-15 21:34 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-30 22:56 . 2009-02-07 09:19 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\LimeWire
2009-07-27 09:44 . 2008-03-22 15:14 -------- d-----w- c:\programmi\Jasc Software Inc
2009-07-26 16:42 . 2009-01-26 16:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-07-26 16:22 . 2008-03-10 15:57 -------- d-----w- c:\programmi\File comuni\Adobe
2009-07-14 21:42 . 2008-04-05 08:26 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-12 10:53 . 2009-07-12 10:53 -------- d-----w- c:\programmi\Xilisoft
2009-07-12 10:53 . 2009-07-12 10:40 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\GetRightToGo
2009-07-04 11:14 . 2009-07-04 11:14 -------- d-----w- c:\programmi\Ubisoft
2009-07-03 16:55 . 2004-08-19 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-04 10:20 . 2009-01-24 21:09 21036 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-04 10:20 . 2009-01-24 21:09 15132 ----atw- c:\windows\system32\SIntf32.dll
2009-06-04 10:20 . 2009-01-24 21:09 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-03 19:09 . 2004-08-19 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 12:29 . 2008-03-10 09:14 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-29 17:59 . 2008-10-21 19:25 10 ----a-w- c:\windows\popcinfo.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-09-18 257096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Ralink Wireless Utility.lnk - c:\programmi\RALINK\Common\RaUI.exe [2008-3-10 675840]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02/08/2009 23.23.57 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [09/04/2002 9.01.54 11264]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [25/07/2009 14.51.25 57344]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23.34.37 1029456]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [18/12/2006 18.53.02 1121536]
S2 gupdate1ca136b7c496576;Servizio di Google Update (gupdate1ca136b7c496576);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2009 14.19.27 133104]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:23]

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 12:15]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-02 12:19]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-02 12:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Mario\Dati applicazioni\Mozilla\Firefox\Profiles\larisuly.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 09:26
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Ora fine scansione: 2009-08-12 9.30.53
ComboFix-quarantined-files.txt 2009-08-12 07:30

Pre-Run: 107.007.262.720 byte disponibili
Post-Run: 106.988.089.344 byte disponibili

296 --- E O F --- 2009-08-11 08:05
r16
Posted: Thursday, August 13, 2009 12:15:03 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Completely uninstall Ad-Aware (do this as the first step).
In its place keep Malwarebytes, which is much more effective.
Once you have uninstalled it, run a clean-up with CCleaner:
http://www.aiutamici.com/software?ID=11223
In the CCleaner start screen click Options and then Advanced, and untick: Only delete files in Windows Temp folders older than 48 hours
Then run the clean-up (registry included)

Do the following:

Open a text file on the Desktop:
Paste into it the code you see below, and save the text file with exactly the name CFScript.txt


KillAll::
File::
c:\windows\system32\drivers\Lbd.sys
c:\documents and settings\Mario\Dati applicazioni\Simply Super Software\Trojan Remover\wuw2.exe
c:\windows\system32\lsdelete.exe
c:\documents and settings\Mario\Dati applicazioni\Simply Super Software
c:\documents and settings\All Users\Dati applicazioni\Simply Super Software


Driver::
Lbd
FXDrv32


Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
c:\programmi\Trojan Remover


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated combofix log that will appear on the Desktop.

Follow it TO THE LETTER and you can't go wrong.
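A small triage helper for logs in this format, added here as an example (it is not code from the thread, from r16, or from ComboFix): it parses the file-creation, R/S service and Firefox-pref lines of the kind posted above from a constructed sample, lists the items a helper would review first, and emits a CFScript.txt in the KillAll/File/Driver/Folder layout used in the post. The regular expressions and the review rules are assumptions derived from the log lines in this thread, not a ComboFix specification.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the ComboFix log layout seen in this thread: file-creation entries,
# R/S service entries and Firefox pref lines. Assembled for this example; not a real log.
SAMPLE_LOG = r"""
2009-08-09 13:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 10:25 . 2009-08-02 21:23 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-02 21:14 . 2009-08-02 21:14 -------- d-----w- c:\programmi\Lavasoft
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [02/08/2009 23.23.57 64160]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?q=
"""

# Layout assumed from the log lines in the thread: "created . modified size attrs path"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(-{8}|\d+) (\S{8}) (.+)$")
# "R0 name;display;image path [timestamp size]"; the log prints '[?]' when the image is missing
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.+)$")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int          # -1 for directories (the log prints '--------' instead of a size)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


@dataclass
class ServiceEntry:
    start: str         # R0/R2/R3 = running, S2/S3 = stopped (as ComboFix labels them)
    name: str
    display: str
    path: str
    missing: bool      # True when the image path could not be resolved ('[?]')


@dataclass
class Report:
    files: List[FileEntry] = field(default_factory=list)
    services: List[ServiceEntry] = field(default_factory=list)
    ff_prefs: Dict[str, str] = field(default_factory=dict)


def parse_combofix_log(text: str) -> Report:
    """Extract the machine-readable parts of a ComboFix log; every other line is ignored."""
    rep = Report()
    for line in text.splitlines():
        line = line.strip()
        if (m := FILE_RE.match(line)):
            size = -1 if m.group(3).startswith("-") else int(m.group(3))
            rep.files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
        elif (m := SERVICE_RE.match(line)):
            path = m.group(4)
            rep.services.append(ServiceEntry(m.group(1), m.group(2), m.group(3),
                                             path, path.endswith("[?]")))
        elif (m := FF_PREF_RE.match(line)):
            rep.ff_prefs[m.group(2)] = m.group(3)   # a later user.js line overrides prefs.js
    return rep


def triage(rep: Report) -> List[str]:
    """Items a helper would look at first. This is a review queue, not a malware verdict."""
    findings = []
    for s in rep.services:
        if s.missing:
            findings.append(f"service {s.name}: image path cannot be resolved ({s.path})")
    for f in rep.files:
        if not f.is_dir and f.path.lower().endswith(".sys") and "\\drivers\\" in f.path.lower():
            findings.append(f"new kernel driver {f.path} (created {f.created})")
    for key in ("keyword.URL", "browser.startup.homepage"):
        if key in rep.ff_prefs:
            findings.append(f"Firefox {key} is set to {rep.ff_prefs[key]}")
    return findings


def build_cfscript(files: List[str], drivers: List[str], folders: List[str]) -> str:
    """Emit a CFScript.txt in the section layout used in the post (KillAll/File/Driver/Folder)."""
    parts = ["KillAll::"]
    for header, items in (("File::", files), ("Driver::", drivers), ("Folder::", folders)):
        if items:
            parts.append(header)
            parts.extend(items)
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    report = parse_combofix_log(SAMPLE_LOG)
    for finding in triage(report):
        print(finding)
    print(build_cfscript(["c:\\windows\\system32\\lsdelete.exe"], ["Lbd", "FXDrv32"], ["C:\\WINDOWS\\temp"]))
```

Every path or driver name fed to `build_cfscript` should come from a human decision after reviewing the findings; the script only mirrors the format, it does not decide what to remove.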
forgotten93
Posted: Thursday, August 13, 2009 10:44:47 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
ok :) tomorrow evening I'll post the log!! bye
forgotten93
Posted: Friday, August 14, 2009 9:14:13 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Good evening! I did everything you told me... but a small problem came up: after the PC restarted and combofix had produced the log, I was about to save it, but there was a power drop and the PC switched off and I couldn't save it!! So, not knowing what to do, I redid everything.... but I don't know whether it is still OK... I'm posting it anyway, hoping it's fine! Thanks again for everything you are doing for my PC!
Let me know... bye



ComboFix 09-08-10.06 - Mario 14/08/2009 12.21.36.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.510.178 [GMT 2:00]
Eseguito da: c:\documents and settings\Mario\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Mario\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

FILE ::
"c:\documents and settings\All Users\Dati applicazioni\Simply Super Software"
"c:\documents and settings\Mario\Dati applicazioni\Simply Super Software"
"c:\documents and settings\Mario\Dati applicazioni\Simply Super Software\Trojan Remover\wuw2.exe"
"c:\windows\system32\drivers\Lbd.sys"
"c:\windows\system32\lsdelete.exe"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\temp


.
((((((((((((((((((((((((( Files Creati Da 2009-07-14 al 2009-08-14 )))))))))))))))))))))))))))))))))))
.

2009-08-12 19:26 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 12:14 . 2009-08-12 12:15 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Media Player Classic
2009-08-09 20:09 . 2009-08-09 20:10 -------- d-----w- c:\programmi\File comuni\DivX Shared
2009-08-09 20:00 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-08-09 20:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-09 20:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-08-09 20:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-08-09 20:00 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-08-09 20:00 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-08-09 20:00 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-09 20:00 . 2009-08-09 20:01 -------- d-----w- c:\programmi\K-Lite Codec Pack
2009-08-09 14:14 . 2009-08-09 14:14 152576 ----a-w- c:\documents and settings\Mario\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-09 13:21 . 2009-08-09 13:21 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Malwarebytes
2009-08-09 13:21 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-09 13:21 . 2009-08-09 13:21 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-08-09 13:21 . 2009-08-09 13:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-08-09 13:21 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 22:08 . 2009-08-08 22:08 -------- d-----w- c:\programmi\Trend Micro
2009-08-08 12:43 . 2009-08-08 12:43 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\proDAD
2009-08-08 12:42 . 2009-08-08 12:42 -------- d-----w- c:\programmi\proDAD
2009-08-08 12:42 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2009-08-08 12:42 . 2009-08-08 12:42 -------- d-----w- c:\programmi\LooksBuilderSE
2009-08-08 12:41 . 2003-07-01 14:49 69632 ----a-w- c:\windows\system32\MtxPreview.dll
2009-08-08 12:41 . 2003-07-01 14:49 49152 ----a-w- c:\windows\system32\MtxParhBFXPreview.dll
2009-08-08 12:41 . 2003-06-26 08:04 237568 ----a-r- c:\windows\system32\qtmlClient.dll
2009-08-08 12:41 . 2003-01-20 07:08 49152 ----a-w- c:\windows\system32\CvoAPI.dll
2009-08-08 12:40 . 2009-08-10 12:26 -------- d-----w- c:\programmi\Boris FX, Inc
2009-08-08 12:37 . 2009-08-08 12:37 29926 ----a-r- c:\documents and settings\Mario\Dati applicazioni\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
2009-08-08 12:36 . 2005-09-23 21:18 171520 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-08-08 12:36 . 2009-08-08 12:36 -------- d-----w- c:\programmi\File comuni\Pinnacle
2009-08-08 12:36 . 2009-08-08 12:36 -------- d-----w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Downloaded Installations
2009-08-08 12:36 . 2009-08-08 12:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Ultimate
2009-08-08 12:24 . 2009-08-08 12:24 -------- d-----w- c:\programmi\File comuni\Yahoo!
2009-08-08 12:24 . 2009-08-08 12:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Studio 12
2009-08-08 12:24 . 2009-08-08 12:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle Studio Plus
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 20:59 . 2009-08-05 20:50 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-03 20:53 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-08-03 20:53 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-08-03 20:53 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-08-03 20:53 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-08-03 20:53 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-08-03 20:53 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Simply Super Software
2009-08-03 20:53 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Simply Super Software
2009-08-02 21:14 . 2009-08-13 20:42 -------- d-----w- c:\programmi\Lavasoft
2009-08-02 18:11 . 2009-08-02 18:11 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Publish Providers
2009-08-02 16:08 . 2009-08-02 18:09 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Sony
2009-08-02 16:08 . 2009-08-02 16:08 -------- d-----w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\Sony
2009-08-02 16:03 . 2009-08-02 16:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony
2009-08-02 16:02 . 2009-08-02 16:02 -------- d-----w- c:\programmi\Sony
2009-08-02 15:56 . 2009-08-02 15:56 -------- d-----w- c:\programmi\MSBuild
2009-08-02 15:56 . 2009-08-05 11:13 210752 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-08-02 15:51 . 2009-08-02 15:51 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-02 15:49 . 2009-08-02 15:49 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-02 15:48 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-08-02 14:27 . 2009-08-02 14:58 52770576 ----a-w- c:\documents and settings\Mario\Dati applicazioni\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-08-02 14:27 . 2009-08-02 14:27 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Sony Setup
2009-08-02 12:15 . 2009-08-02 12:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-07-27 08:03 . 2009-08-10 16:25 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-07-27 07:54 . 2009-07-27 07:54 -------- d-----w- c:\programmi\Alien Skin
2009-07-27 07:51 . 2009-07-27 07:51 -------- d-----w- c:\documents and settings\Mario\Library
2009-07-27 07:51 . 2009-07-27 07:51 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\com.adobe.ExMan
2009-07-26 21:06 . 2009-08-09 20:28 -------- d-----w- c:\programmi\Windows Media Connect 2
2009-07-26 21:01 . 2009-07-26 21:04 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-26 21:01 . 2009-07-26 21:01 -------- d-----w- c:\windows\system32\LogFiles
2009-07-26 17:08 . 2009-07-26 17:09 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Topaz Moment
2009-07-26 16:44 . 2009-07-29 08:25 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Alien Skin
2009-07-26 16:20 . 2009-07-26 16:20 -------- d-----w- c:\programmi\Adobe Media Player
2009-07-26 16:15 . 2009-07-26 16:15 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-07-26 16:06 . 2009-07-26 16:06 -------- d-----w- c:\programmi\File comuni\Macrovision Shared
2009-07-25 12:51 . 2008-05-19 11:13 57344 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 20:42 . 2008-03-15 21:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-08-11 12:35 . 2008-03-17 18:34 -------- d-----w- c:\programmi\Nokia
2009-08-11 12:30 . 2008-03-11 19:42 -------- d-----w- c:\programmi\DivX
2009-08-10 11:11 . 2008-03-15 21:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-10 07:54 . 2008-03-10 08:14 109704 ----a-w- c:\documents and settings\Mario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-09 14:15 . 2009-05-10 07:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-09 14:15 . 2008-03-15 19:16 -------- d-----w- c:\programmi\Java
2009-08-09 11:03 . 2004-08-19 12:00 80886 ----a-w- c:\windows\system32\perfc010.dat
2009-08-09 11:03 . 2004-08-19 12:00 482596 ----a-w- c:\windows\system32\perfh010.dat
2009-08-08 20:58 . 2008-10-18 09:46 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\Azureus
2009-08-08 12:40 . 2002-04-09 07:04 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-08-08 12:39 . 2008-03-11 19:40 -------- d-----w- c:\programmi\Pinnacle
2009-08-08 12:24 . 2008-03-10 15:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Pinnacle
2009-08-05 08:59 . 2004-08-19 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 12:52 . 2008-10-18 09:44 -------- d-----w- c:\programmi\Vuze
2009-08-02 12:20 . 2008-08-22 21:03 -------- d-----w- c:\programmi\Google
2009-07-31 07:53 . 2009-02-15 21:34 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-30 22:56 . 2009-02-07 09:19 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\LimeWire
2009-07-27 09:44 . 2008-03-22 15:14 -------- d-----w- c:\programmi\Jasc Software Inc
2009-07-26 16:42 . 2009-01-26 16:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet
2009-07-26 16:22 . 2008-03-10 15:57 -------- d-----w- c:\programmi\File comuni\Adobe
2009-07-17 19:01 . 2004-08-19 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 21:42 . 2008-04-05 08:26 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-13 21:43 . 2004-08-19 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 10:53 . 2009-07-12 10:53 -------- d-----w- c:\programmi\Xilisoft
2009-07-12 10:53 . 2009-07-12 10:40 -------- d-----w- c:\documents and settings\Mario\Dati applicazioni\GetRightToGo
2009-07-04 11:14 . 2009-07-04 11:14 -------- d-----w- c:\programmi\Ubisoft
2009-07-03 16:55 . 2004-08-19 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-19 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-19 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:43 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-19 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2002-04-09 06:32 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-19 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-04 10:20 . 2009-01-24 21:09 21036 ----atw- c:\windows\system32\SIntfNT.dll
2009-06-04 10:20 . 2009-01-24 21:09 15132 ----atw- c:\windows\system32\SIntf32.dll
2009-06-04 10:20 . 2009-01-24 21:09 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-06-03 19:09 . 2004-08-19 12:00 1296384 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 12:29 . 2008-03-10 09:14 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-29 17:59 . 2008-10-21 19:25 10 ----a-w- c:\windows\popcinfo.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-08-14_07.59.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-14 10:30 . 2009-08-14 10:30 16384 c:\windows\TEMP\Perflib_Perfdata_230.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PMCRemote"="c:\programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe" [2007-09-18 257096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-08-09 149280]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Ralink Wireless Utility.lnk - c:\programmi\RALINK\Common\RaUI.exe [2008-3-10 675840]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [09/04/2002 9.01.54 11264]
R2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [25/07/2009 14.51.25 57344]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [18/12/2006 18.53.02 1121536]
S2 gupdate1ca136b7c496576;Servizio di Google Update (gupdate1ca136b7c496576);c:\programmi\Google\Update\GoogleUpdate.exe [02/08/2009 14.19.27 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-08-14 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 12:15]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-02 12:19]

2009-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-08-02 12:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Mario\Dati applicazioni\Mozilla\Firefox\Profiles\larisuly.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\programmi\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 12:31
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,31,12,71,66,64,
27,8a,a7,c8,28,51,af,b0,29,a3,98,dd,c8,ec,61,86,e5,0e,5b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,8e,f4,f2,4e,40,
65,e7,d6,71,3b,04,66,8b,46,0d,96,7b,15,85,9c,59,ba,c7,7b,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,ff,29,28,3b,ff,
4b,94,4e,25,da,ec,7e,55,20,c9,26,e9,e1,0d,b4,99,4b,a7,f9,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,49,fd,ab,2f,e1,
e2,ce,a6,3e,1e,9e,e0,57,5a,93,61,19,d6,7e,de,e8,af,07,f7,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,0e,4b,93,e7,3e,
5f,2d,ad,cd,44,cd,b9,a6,33,6c,cd,7c,0a,6e,d4,6e,f3,79,c9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,13,94,d6,80,89,
28,f8,a0,b0,18,ed,a7,3f,8d,37,a4,d3,f7,57,23,c3,d2,d7,a5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d1,4b,8f,15,2d,
33,b1,84,31,77,e1,ba,b1,f8,68,02,73,7a,c6,de,99,76,1b,97,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,33,87,79,c7,c7,
3c,e7,0a,83,6c,56,8b,a0,85,96,ab,46,47,ef,73,d4,91,11,63,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,40,aa,97,23,a8,
24,67,6e,51,fa,6e,91,28,9e,14,cc,f7,64,3a,1d,96,be,f6,39,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,8c,ff,29,38,f4,
65,cf,82,b1,cd,45,5a,a8,c4,f8,b9,8d,a6,8f,c3,1b,b5,35,28,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,9e,ae,f6,8d,94,
eb,2c,23,e3,0e,66,d5,eb,bc,2f,6b,c3,45,25,43,47,47,83,a3,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ee,1e,6b,8f,ea,
84,54,c0,fa,ea,66,7f,d4,3b,6b,70,84,e6,92,9d,8e,af,c4,25,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programmi\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-14 12.41.03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-14 10:40
ComboFix2.txt 2009-08-14 10:14
ComboFix3.txt 2009-08-14 08:08
ComboFix4.txt 2009-08-12 07:30

Pre-Run: 103.535.271.936 byte disponibili
Post-Run: 103.497.576.448 byte disponibili

331 --- E O F --- 2009-08-13 10:47
r16
Posted: Friday, August 14, 2009 11:42:10 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Follow the path and delete the folder shown in red:
c:\programmi\Lavasoft

Post an HJT log.
Are you having any problems?
forgotten93
Posted: Saturday, August 15, 2009 12:32:07 AM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
What kind of problems? Anyway, here is the HJT log :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.30.27, on 15/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\RALINK\Common\RaUI.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\\Programs\Remote\Remoterm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1ca136b7c496576) (gupdate1ca136b7c496576) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 7997 bytes
r16
Posted: Saturday, August 15, 2009 12:42:20 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
forgotten93 wrote:
What kind of problems?

What do you mean, what kind of problems... eh?
You are the one who has to tell me whether you are having problems, or whether the PC is working fine.
The HJT log is clean.
forgotten93
Posted: Saturday, August 15, 2009 12:53:20 AM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Sorry, I thought you were referring to something specific! Anyway, the connection is fine now... Avira no longer reports any trojans... it's just that something a bit strange happens, but I don't think it's a virus, who knows! Basically, when I open a video, sometimes the PC reboots and a blue screen appears telling me that the ATI driver has problems and Windows restarted to protect itself. Today instead I was watching a video and the monitor turned itself off and on 10 times... then I opened Nero (the DivX player) and it said hardware acceleration was disabled and I had to enable it, and DirectX was also involved if I'm not mistaken... anyway, if it has nothing to do with viruses, forget it... you've already done too much for me :)
wolfestein
Posted: Saturday, August 15, 2009 1:24:12 AM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,949
forgotten93 wrote:
Sorry, I thought you were referring to something specific! Anyway, the connection is fine now... Avira no longer reports any trojans... it's just that something a bit strange happens, but I don't think it's a virus, who knows! Basically, when I open a video, sometimes the PC reboots and a blue screen appears telling me that the ATI driver has problems and Windows restarted to protect itself. Today instead I was watching a video and the monitor turned itself off and on 10 times... then I opened Nero (the DivX player) and it said hardware acceleration was disabled and I had to enable it, and DirectX was also involved if I'm not mistaken... anyway, if it has nothing to do with viruses, forget it... you've already done too much for me :)

You most likely have corrupted video drivers. Go to the AMD site and download the drivers for your graphics card, go to Control Panel\Add or Remove Programs and uninstall the drivers (ATI driver) and, if you have it, the CCC (Catalyst Control Center); reboot the PC (normally it does this automatically) and install the new drivers.
http://support.amd.com/us/gpudownload/Pages/index.aspx
forgotten93
Posted: Saturday, August 15, 2009 10:08:23 AM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Good morning! Happy Ferragosto :) Anyway wolf, do I have to uninstall ATI DISPLAY DRIVER? And then what do I download from the site? There are so many kinds!
forgotten93
Posted: Saturday, August 15, 2009 10:15:55 AM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Ugh! R16, just when everything seemed to be going well, Avira's "guard" reported a trojan in System Volume Information!! I put it in quarantine, but I think I'm back to square one!
r16
Posted: Saturday, August 15, 2009 2:24:14 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
It shouldn't be anything serious.
Do this:
Disable System Restore:
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Reboot the PC.
Run a scan with Avira.
If it doesn't detect anything, re-enable System Restore.
forgotten93
Posted: Sunday, August 16, 2009 12:38:35 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Hi R16, Avira reported the same trojan again, but in a different path (in C/quoboox or something like that!). I put it in quarantine again... what do I do? Scan with Malwarebytes?
PS: I haven't re-enabled System Restore yet... should I?
r16
Posted: Sunday, August 16, 2009 3:01:29 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
forgotten93 wrote:
Hi R16, Avira reported the same trojan again, but in a different path (in C/quoboox or something like that!)

That's not a problem either.
The qoobox folder is ComboFix's quarantine folder.
You'll find it in C:\; delete it.
Then, using Windows' "Search" function, type Combofix and delete everything it finds.
forgotten93
Posted: Sunday, August 16, 2009 4:30:53 PM
Rank: AiutAmico

Joined: 8/9/2009
Posts: 124
Ah!! I thought it was who knows what! So everything is fine now, right? :)