ciao, è un po' che non ci si sente, spero tuttobene;

ti chiedo un parere su una cosa che mi sta accadendo dal 10 dic. e cioè explorer 7 stenta ad aprire le pagine (linea adsl tra 4 e 5 mbs) devo disconnettere e riconnettere e comunque alcuni siti li carica normalmete altri da la pagina come se non ci fosse linea.
ho ripristinato al giorno 8 dic quando tutto andava bene e al riavvio mi ha seganalato che alcuni files di pc tools era stati modificati dall'esterno;
ho distillato pc tools, fatto cclean e va decisamente meglio, ma stamattina si ri è ripresentetato come se ci fosse un blooco verso alcuni siti internet (es. tramite google cerco wikipedia, trovato se clicco sul link non apre la pagina e poi segnala come se mancasse la linea)
fatta scansione con malawareb, superantisp., spyterminat, tolti gli ads in hjt: tutto negativa (a parte un cookie 'mauro@atdmt(2).txt' eliminato)

ti chiedo quali altri controlli posso fare e con quali applicazioni secondo te;
in attesa ti ringranzio anticipatamente
ti allego log di hjt;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.01.47, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\PMJ151LA.BIN
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\Mauro\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FA7AE4C-6C0C-4B7F-8F00-16656305F801}: NameServer = 85.37.17.16 85.38.28.68
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 4699 bytes

Ciao toro051963 .
Di solito, a creare improvvisi problemi, senza un apparente motivo, sono gli aggiornamenti dei vari software in "tempo reale". (PC Tools Firewall ,Nod32, Spyware Terminator ) Nonchè qualche volta, pure quelli di Microsoft.
Ma potrebbero essere, anche altre le cause.
Magari un Rootkit, oppure l'MBR infetto.
Sono queste infezioni, che gli antivirus hanno delle difficoltà, nel rilevarle, che creano problemi di stabilità.
Per prima cosa, fai delle pulizie:
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Poi:
Start\Esegui\copia e incolla la stringa %temp% clicca su Ok, svuota la cartella temp. (non eliminare la cartella)
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows, aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su Remove selected

Fai uno ScanDisk e una deframmentazione del HD.

Se NON noti sensibili miglioramenti, proveremo con una scansione con Combofix.

fatto quello da te indicao:
miglioramenti sostanziali non ce ne sono, continua ad non aprire alcune pagine, e ad esere un po lento nell'aprire le altre;
attendo istruzioni per combofix
p.s.
si possono annullare i singoli update di windows (senza dover fare un ripristino ad es. all'8 dic?) per vedere se dipende da questi ultimi?

ecco il log.

ComboFix 09-06-22.0E - Mauro 13/12/2009 14.33.36.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1562 [GMT 1:00]
Eseguito da: c:\documents and settings\Mauro\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2009-11-13 al 2009-12-13 )))))))))))))))))))))))))))))))))))
.

2009-12-02 20:36 . 2009-12-02 20:36 -------- d-----w- c:\documents and settings\ff\Dati applicazioni\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 13:08 . 2008-01-31 18:43 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-13 09:28 . 2009-03-12 20:22 117760 ----a-w- c:\documents and settings\Mauro\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-13 09:26 . 2008-11-13 20:33 -------- d-----w- c:\documents and settings\Mauro\Dati applicazioni\Spyware Terminator
2009-12-13 09:10 . 2009-12-11 21:11 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-12-13 09:09 . 2008-11-13 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-12-13 09:09 . 2009-02-13 18:14 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-12-13 09:09 . 2009-09-28 17:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-13 09:09 . 2007-02-26 23:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-13 08:49 . 2008-11-13 20:33 -------- d-----w- c:\programmi\Spyware Terminator
2009-12-13 08:35 . 2009-12-11 09:52 -------- d-----w- c:\programmi\Veoh Networks
2009-12-13 08:30 . 2008-11-15 09:19 -------- d-----w- c:\documents and settings\ff\Dati applicazioni\Spyware Terminator
2009-12-12 09:46 . 2009-03-18 19:07 117760 ----a-w- c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-12 09:39 . 2009-03-20 19:03 117760 ----a-w- c:\documents and settings\ff\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-11 22:02 . 2001-08-31 11:00 73904 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 22:02 . 2001-08-31 11:00 448176 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 21:37 . 2009-04-15 19:20 117760 ----a-w- c:\documents and settings\mamma\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-11 21:37 . 2008-06-25 16:24 -------- d-----w- c:\programmi\SpywareBlaster
2009-12-11 21:14 . 2009-12-11 21:11 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-11 09:45 . 2008-11-14 13:54 -------- d-----w- c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\Spyware Terminator
2009-12-04 21:00 . 2008-11-04 18:23 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-04 21:00 . 2008-12-04 17:07 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 15:14 . 2008-11-04 18:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2008-11-04 18:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 21:14 . 2008-11-05 14:24 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-11-12 20:24 . 2008-10-31 17:10 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-05 17:52 . 2008-11-06 17:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 17:52 . 2009-11-05 17:52 -------- d-----w- c:\programmi\Java
2009-11-05 17:51 . 2009-11-05 17:51 152576 ----a-w- c:\documents and settings\Mauro\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:42 . 2002-09-09 12:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2007-02-26 23:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2001-08-31 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-23 08:25 . 2009-10-23 08:25 -------- d-----w- c:\documents and settings\ff\Dati applicazioni\DivX
2009-10-21 05:38 . 2007-02-26 23:34 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2007-02-26 23:34 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2007-02-26 23:34 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 16:41 . 2008-02-13 20:21 90832 ----a-w- c:\documents and settings\ff\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-13 10:33 . 2002-09-09 12:51 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-09-09 12:51 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-09-09 12:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38 . 2002-09-09 12:51 79872 ----a-w- c:\windows\system32\raschap(2).dll
2009-10-08 13:57 . 2009-10-08 13:57 613888 ------w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2001-08-31 11:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2001-08-31 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-28 17:58 . 2009-09-28 17:57 1962544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-16 18:15 . 2007-03-01 20:51 90832 ----a-w- c:\documents and settings\Flavio Massimo.OK\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-16 18:13 . 2007-02-26 23:07 90832 ----a-w- c:\documents and settings\Mauro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-11-07 949376]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-13 1783808]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-26 98304]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-12-11 2652056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 18:55 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"<NO NAME>"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [07/11/2008 21.47.14 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/12/2009 22.11.33 159600]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14.07.14 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14.07.12 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13/11/2008 21.33.12 141312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/09/2009 18.38.20 54752]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/12/2009 22.11.35 73840]
R2 PMJ151NM;Panasonic DVC Web Camera;c:\windows\system32\drivers\PMJ151NM.sys [27/02/2007 0.55.44 14848]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/12/2009 22.11.10 95640]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [03/09/2009 12.28.52 29184]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [30/01/2008 19.18.25 3768]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14.07.16 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [02/03/2008 9.48.54 44928]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 14:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1096)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2009-12-13 14.35.25
ComboFix-quarantined-files.txt 2009-12-13 13:35

Pre-Run: 59.541.499.904 byte disponibili
Post-Run: 59.539.808.256 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
169 --- E O F --- 2009-12-11 21:57

due domande:
prima di trascinare il txt disattivo antiv. pctools ecc ecc?

devo disitallare adode ecc ecc, reistallare quello che mi indichi e poi rilanciare alla fine una scansione di combofix?

va decisimente mglio (sia come velocità apertura pagine che di visualizzazione dei contenuti delle pagine stesse banner, link ecc ecc)
non ho ancora disistallato niente, ecco il log (al riavvio di xp mentre combofix produceva il log si sono riattivitai antivirus, pc tools e spyterm., spero non abbiano pregiudicato il log) .

ComboFix 09-06-22.0E - Mauro 13/12/2009 20.14.04.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1591 [GMT 1:00]
Eseguito da: c:\documents and settings\Mauro\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Mauro\Desktop\CFScript.txt
AV: Sistema Antivirus NOD32 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.

((((((((((((((((((((((((( Files Creati Da 2009-11-13 al 2009-12-13 )))))))))))))))))))))))))))))))))))
.

2009-12-13 09:10 . 2009-12-13 09:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-11 21:11 . 2008-12-11 11:32 132976 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-11 21:11 . 2008-12-11 11:32 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-11 21:11 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-11 21:11 . 2008-09-22 11:29 97408 ----a-w- c:\windows\system32\drivers\pctfw.sys
2009-12-11 21:11 . 2009-12-11 21:14 95640 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-12-11 21:11 . 2009-12-13 09:10 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2009-12-11 09:52 . 2009-12-13 08:35 -------- d-----w- c:\programmi\Veoh Networks
2009-12-02 20:36 . 2009-12-02 20:36 -------- d-----w- c:\documents and settings\ff\Dati applicazioni\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-13 19:15 . 2008-01-31 18:43 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-12-13 14:18 . 2008-11-13 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spyware Terminator
2009-12-13 14:18 . 2008-11-13 20:33 -------- d-----w- c:\programmi\Spyware Terminator
2009-12-13 14:15 . 2008-11-14 13:54 -------- d-----w- c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\Spyware Terminator
2009-12-13 13:37 . 2008-11-13 20:33 -------- d-----w- c:\documents and settings\Mauro\Dati applicazioni\Spyware Terminator
2009-12-13 09:28 . 2009-03-12 20:22 117760 ----a-w- c:\documents and settings\Mauro\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-13 09:09 . 2009-02-13 18:14 -------- d-----w- c:\programmi\File comuni\PC Tools
2009-12-13 09:09 . 2009-09-28 17:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-12-13 09:09 . 2007-02-26 23:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-12-13 08:30 . 2008-11-15 09:19 -------- d-----w- c:\documents and settings\ff\Dati applicazioni\Spyware Terminator
2009-12-12 09:46 . 2009-03-18 19:07 117760 ----a-w- c:\documents and settings\Flavio Massimo.OK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-12 09:39 . 2009-03-20 19:03 117760 ----a-w- c:\documents and settings\ff\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-11 22:02 . 2001-08-31 11:00 73904 ----a-w- c:\windows\system32\perfc010.dat
2009-12-11 22:02 . 2001-08-31 11:00 448176 ----a-w- c:\windows\system32\perfh010.dat
2009-12-11 21:37 . 2009-04-15 19:20 117760 ----a-w- c:\documents and settings\mamma\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-11 21:37 . 2008-06-25 16:24 -------- d-----w- c:\programmi\SpywareBlaster
2009-12-04 21:00 . 2008-11-04 18:23 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-12-04 21:00 . 2008-12-04 17:07 4844296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 15:14 . 2008-11-04 18:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2008-11-04 18:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-25 21:14 . 2008-11-05 14:24 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-11-12 20:24 . 2008-10-31 17:10 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-05 17:52 . 2008-11-06 17:30 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-05 17:52 . 2009-11-05 17:52 -------- d-----w- c:\programmi\Java
2009-11-05 17:51 . 2009-11-05 17:51 152576 ----a-w- c:\documents and settings\Mauro\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:42 . 2002-09-09 12:51 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2007-02-26 23:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2001-08-31 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-23 08:25 . 2009-10-23 08:25 -------- d-----w- c:\documents and settings\ff\Dati applicazioni\DivX
2009-10-21 05:38 . 2007-02-26 23:34 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2007-02-26 23:34 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2007-02-26 23:34 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 16:41 . 2008-02-13 20:21 90832 ----a-w- c:\documents and settings\ff\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-13 10:33 . 2002-09-09 12:51 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-09-09 12:51 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-09-09 12:51 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38 . 2002-09-09 12:51 79872 ----a-w- c:\windows\system32\raschap(2).dll
2009-10-08 13:57 . 2009-10-08 13:57 613888 ------w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2001-08-31 11:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2001-08-31 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-09-28 17:58 . 2009-09-28 17:57 1962544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-16 18:15 . 2007-03-01 20:51 90832 ----a-w- c:\documents and settings\Flavio Massimo.OK\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-09-16 18:13 . 2007-02-26 23:07 90832 ----a-w- c:\documents and settings\Mauro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2008-11-07 949376]
"SpywareTerminator"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-11-13 1783808]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-02-26 98304]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-12-11 2652056]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-08 18:55 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"<NO NAME>"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [07/11/2008 21.47.14 15424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [11/12/2009 22.11.33 159600]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [03/09/2008 14.07.14 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [03/09/2008 14.07.12 74480]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13/11/2008 21.33.12 141312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16/09/2009 18.38.20 54752]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [11/12/2009 22.11.35 73840]
R2 PMJ151NM;Panasonic DVC Web Camera;c:\windows\system32\drivers\PMJ151NM.sys [27/02/2007 0.55.44 14848]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [11/12/2009 22.11.10 95640]
S3 ActionReplayDS;ActionReplayDS;c:\windows\system32\drivers\ActionReplayDS.sys [03/09/2009 12.28.52 29184]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21.48.42 704864]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [30/01/2008 19.18.25 3768]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [03/09/2008 14.07.16 7408]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [02/03/2008 9.48.54 44928]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-13 20:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PMJ151LA]
"ImagePath"="%SystemRoot%\PMJ151LA.BIN"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3972)
c:\windows\system32\WININET.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\programmi\File comuni\EPSON\EBAPI\SAgent2.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\rundll32.exe
c:\programmi\ESET\nod32krn.exe
c:\programmi\PC Tools Firewall Plus\FWService.exe
c:\windows\PMJ151LA.BIN
c:\programmi\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-12-13 20.17.48 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-12-13 19:17
ComboFix2.txt 2009-12-13 13:35

Pre-Run: 59.545.763.840 byte disponibili
Post-Run: 59.530.899.456 byte disponibili

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
173 --- E O F --- 2009-12-11 21:57

ci sentiamo alle 21,00

ULTIMO AGGIORNAMENTO:

A QUESTO RIAVVIO (21,20) NON è VELOCE COME ALL 20,30 E ALCUNI BANNER ALL'INTERNO DELLE PAGINE RICOMPARE LA SCHERA DI EXPLORER COME QUANDO MANCA LA LINEA

in questo momento 21,30 sembra che rivada bene (compresi i banner pubblicitari)
non ci capisco più niente

scusa mi puoi ripetere le operazioni da fare?
per cartelle cosa intendi?

fatto quasi tutto manca java, non l'ho installa perchè

dice che non può procedere per le correnti impostazioni di connessione ad internet