Aiutamici Forum

Infected USB stick
capriccio10
Posted: Sunday, March 14, 2010 7:14:01 PM
I lent a USB stick to a friend of mine and when I got it back, as soon as I plugged it in, an avast message came up saying it was infected.... it moved the virus to the chest and then I deleted it.. I tried scanning the stick again and avast still finds the infected file.... autorun or something like that.... isn't there a way to ''disinfect'' the stick, or do I have to throw it away?
logic
Posted: Sunday, March 14, 2010 7:31:04 PM
capriccio10 wrote:
I lent a USB stick to a friend of mine and when I got it back, as soon as I plugged it in, an avast message came up saying it was infected.... it moved the virus to the chest and then I deleted it.. I tried scanning the stick again and avast still finds the infected file.... autorun or something like that.... isn't there a way to ''disinfect'' the stick, or do I have to throw it away?


Try and see whether this may be useful:

http://www.tecnonews.org/come-riparare-il-file-autoruninf-delle-tue-pendrive-o-hard-disk/
shapiro
Posted: Sunday, March 14, 2010 7:31:30 PM
hi

download ninja

read how to use it

also post a HijackThis log
capriccio10
Posted: Monday, March 15, 2010 7:43:31 AM
I used ninja and I think I've solved it..... the antivirus no longer detects anything.
anyway, here's the log to check....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7.40.05, on 15/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\timtimer\timtimer.EXE
C:\Program Files\Desktop Media\mediadetect.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fafa.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CrystalDiskInfo\DiskInfo.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [Puppy] c:\program files\ScreenMates\puppy.exe
O4 - HKCU\..\Run: [Felix II] C:\Program Files\ScreenMates\Felix II\Felix2.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Acer Empowering Technology.lnk = ?
O4 - Startup: fafa.exe
O4 - Global Startup: Contascatti Timtimer.lnk = C:\Program Files\timtimer\timtimer.EXE
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9250 bytes
shapiro
Posted: Monday, March 15, 2010 10:33:42 AM
there's this
Comment:
O4 - Startup: fafa.exe
which is considered nothing good

http://www.prevx.com/filenames/X766313525405284357-X1/FAFA.EXE.html

let's check more thoroughly

download malwarebytes

1) install it
2) update it
3) run a scan choosing full scan mode
4) do NOT delete any threats it finds for now
5) when the scan is finished select the log tab, open the text file and post it on the forum
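As an added illustration (not part of the thread, and not the helper's own tool), here is a small Python triage of the O4 lines from the HijackThis log posted above, applying the same reasoning shapiro used: an executable sitting directly in a Startup folder (fafa.exe) or a shortcut whose target HijackThis could not resolve deserves a closer look before anything is deleted. The sample lines are copied from the log above; the severity labels and heuristics are my own assumptions, not HijackThis output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - Startup: Acer Empowering Technology.lnk = ?
O4 - Startup: fafa.exe
O4 - Global Startup: Contascatti Timtimer.lnk = C:\Program Files\timtimer\timtimer.EXE
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O4 - Startup: <shortcut>.lnk = <target>"  or  "O4 - Startup: <file in the folder>"
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<entry>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
EXE_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|scr|bat|cmd|com|vbs|js|pif))(?:\s|$)", re.IGNORECASE)
# Locations a standard user can write to (assumed heuristic, not a HijackThis rule).
USER_WRITABLE_RE = re.compile(r"(\\users\\|\\appdata\\|\\temp\\|\\documents and settings\\)", re.IGNORECASE)


@dataclass
class Finding:
    source: str            # registry hive or Startup-folder scope
    name: str              # value name, shortcut name or bare file name
    target: Optional[str]  # program that runs at logon, None when unknown
    severity: str          # "ok", "review" or "high" (assumed labels)
    reason: str


def _executable_of(cmd: str) -> Optional[str]:
    """Return the program part of a Run value, without arguments, quotes or the (User ...) suffix."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd.strip('"')
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else (cmd.split()[0] if cmd else None)


def _assess(source: str, name: str, target: Optional[str], bare_file: bool) -> Finding:
    if bare_file:
        return Finding(source, name, target, "high",
                       "executable placed directly in a Startup folder instead of a shortcut")
    if target is None or target == "?":
        return Finding(source, name, target, "review", "shortcut target could not be resolved")
    if "\\" not in target:
        return Finding(source, name, target, "review", "bare file name, resolved via PATH at logon")
    if USER_WRITABLE_RE.search(target):
        return Finding(source, name, target, "review", "runs from a user-writable profile location")
    return Finding(source, name, target, "ok", "installed-program location")


def triage_o4(log_text: str) -> List[Finding]:
    """Parse every O4 line of a HijackThis log and classify it."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            exe = _executable_of(m.group("cmd"))
            findings.append(_assess(m.group("hive"), m.group("name"), exe, bare_file=False))
            continue
        m = STARTUP_RE.match(line)
        if m:
            entry = m.group("entry").strip()
            if " = " in entry:
                name, target = (part.strip() for part in entry.split(" = ", 1))
                findings.append(_assess(m.group("scope"), name, target, bare_file=False))
            else:
                # HijackThis prints a bare name when the file itself sits in the Startup folder.
                findings.append(_assess(m.group("scope"), entry, None, bare_file=True))
    return findings


def suspicious(log_text: str) -> List[Finding]:
    """Only the entries a helper would ask the poster about."""
    return [f for f in triage_o4(log_text) if f.severity != "ok"]


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print(f"[{f.severity:6}] {f.source:14} {f.name!r:40} -> {f.target}  ({f.reason})")
```

Run on the sample, only the unresolved Acer shortcut and the bare fafa.exe are reported; every Run value under Program Files or system32 comes back "ok".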
capriccio10
Posted: Monday, March 15, 2010 1:34:00 PM
I already have malwarebytes...... as soon as I can I'll run the full scan and post it, but I think I already know what that entry is about: it should be the screenmates kitten.... you know, those little animals that walk around on the screen.....
fdaccc
Posted: Monday, March 15, 2010 1:35:15 PM
I really don't think so.
capriccio10
Posted: Monday, March 15, 2010 6:18:12 PM
fdaccc wrote: I really don't think so.

So you think that entry doesn't refer to the ''kitten''?

anyway here it is
http://i42.tinypic.com/osr0ah.jpg


And this is the scan done with malwarebytes... It found something....

Malwarebytes' Anti-Malware 1.44
Versione del database: 3.869
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

15/03/2010 18.07.48
mbam-log-2010-03-15 (18-07-48).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|L:\|)
Elementi scansionati: 253.181
Tempo trascorso: 56 minute(s), 2 secondi(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo RILEVATO)

Moduli della memoria infetti:
(Nessun elemento malevolo RILEVATO)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\adtools, inc. (Adware.AdTools) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo RILEVATO)

Elementi dato del registro infetti:
(Nessun elemento malevolo RILEVATO)

Cartelle infette:
(Nessun elemento malevolo RILEVATO)

File infetti:
(Nessun elemento malevolo RILEVATO)
shapiro
Posted: Monday, March 15, 2010 6:25:58 PM
restart malwarebytes and delete that key

disable the antivirus

download combofix to the desktop

- run ComboFix.exe
- type 1
- follow the instructions
- when the scan is finished go to C:\ and copy/paste the contents of the text file Combofix.txt into your next reply
capriccio10
Posted: Monday, March 15, 2010 6:58:10 PM
ComboFix 10-03-14.06 - Lilly 15/03/2010 18.37.12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3061.1417 [GMT 1:00]
Eseguito da: c:\users\Lilly\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-02-15 al 2010-03-15 )))))))))))))))))))))))))))))))))))
.

2010-03-15 17:43 . 2010-03-15 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-15 06:39 . 2010-03-15 06:39 -------- d-----w- c:\program files\Trend Micro
2010-03-14 09:57 . 2010-03-14 09:57 -------- d--h--w- c:\programdata\CanonIJEGV
2010-03-13 13:07 . 2010-03-13 13:27 -------- d-----w- c:\users\Lilly\AppData\Roaming\Canon
2010-03-13 12:53 . 2010-03-13 13:52 -------- d-----w- c:\users\Lilly\AppData\Local\Canon Easy-PhotoPrint EX
2010-03-13 12:53 . 2010-03-13 12:53 -------- d--h--w- c:\programdata\CanonIJEPPEX
2010-03-13 10:15 . 2010-03-13 10:17 -------- d-----w- c:\users\Lilly\AppData\Roaming\PhotoFiltre
2010-03-13 10:15 . 2010-03-13 10:15 -------- d-----w- c:\program files\PhotoFiltre
2010-03-12 07:13 . 2010-03-12 08:37 -------- d-----w- C:\Fraps
2010-03-10 06:32 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 06:32 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 06:32 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 17:09 . 2010-03-09 17:09 -------- d-----w- c:\program files\Microsoft
2010-03-08 08:37 . 2010-03-08 08:37 -------- d-----w- c:\program files\CrystalDiskInfo
2010-03-07 17:09 . 2010-03-07 17:09 -------- d-----w- c:\users\Lilly\AppData\Local\Stardock
2010-03-07 10:16 . 2010-03-07 10:16 194 ----a-w- c:\users\Lilly\AppData\Roaming\DelAll.bat
2010-03-07 10:11 . 2010-03-07 10:11 -------- d-----w- c:\program files\MyFelix
2010-03-05 17:33 . 2010-03-05 17:33 -------- d-----w- c:\users\Lilly\AppData\Local\PackageAware
2010-03-05 17:07 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-03 07:29 . 2010-03-03 07:29 568832 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-03-03 07:29 . 2010-03-03 07:29 686080 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-03-03 07:29 . 2010-03-03 07:29 655872 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-03-03 07:29 . 2010-03-03 07:29 583168 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-03-03 07:29 . 2010-03-03 07:29 224768 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-03-02 11:14 . 2010-03-02 11:14 -------- d-----w- c:\program files\JRE
2010-03-01 16:21 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-01 16:21 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-01 13:41 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-01 13:41 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-01 13:41 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-01 13:41 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-01 13:41 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-01 13:41 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-01 13:41 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-01 13:41 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-01 13:41 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-01 13:38 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-01 13:38 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-01 13:35 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-01 13:35 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-01 13:35 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-01 13:33 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-01 13:24 . 2010-03-02 06:30 -------- d-----w- c:\users\Lilly\AppData\Local\IM
2010-03-01 13:23 . 2010-03-01 13:23 -------- d-----w- c:\programdata\IncrediMail
2010-03-01 13:23 . 2010-03-01 13:25 -------- d-----w- c:\programdata\IM
2010-03-01 13:07 . 2010-03-01 13:06 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD106.tmp.exe
2010-03-01 12:58 . 2010-03-01 12:58 -------- d-----w- c:\program files\National Instruments

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 17:34 . 2009-07-04 08:10 -------- d-----w- c:\users\Lilly\AppData\Roaming\Orbit
2010-03-15 12:30 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-03-15 12:30 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-03-15 10:56 . 2009-06-18 06:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-14 18:40 . 2009-04-26 15:34 -------- d-----w- c:\programdata\Google Updater
2010-03-14 10:05 . 2010-02-01 13:39 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-14 08:48 . 2009-06-20 20:32 1 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-10 06:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 11:24 . 2010-02-01 09:06 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-01 09:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-01 09:07 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-01 09:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-01 09:07 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-09 11:08 . 2010-02-01 09:07 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-07 09:07 . 2009-04-26 15:32 -------- d-----w- c:\program files\Google
2010-03-06 17:30 . 2009-10-14 12:29 -------- d-----w- c:\program files\CCleaner
2010-03-02 16:59 . 2009-04-26 09:52 108888 ----a-w- c:\users\Lilly\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 11:14 . 2009-04-26 15:55 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-02 11:14 . 2009-04-26 15:54 -------- d-----w- c:\program files\Common Files\Java
2010-03-02 11:13 . 2009-04-26 19:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 11:13 . 2009-04-26 15:54 -------- d-----w- c:\program files\Java
2010-03-01 12:58 . 2009-10-09 11:30 -------- d-----w- c:\program files\timtimer
2010-03-01 11:15 . 2009-04-26 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 08:16 . 2009-10-09 08:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-11 18:53 . 2010-02-01 09:06 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-01 14:43 . 2009-10-10 16:09 -------- d-----w- c:\program files\CDBurnerXP
2010-02-01 13:56 . 2009-04-26 19:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-01 13:46 . 2009-06-18 04:42 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 13:40 . 2010-02-01 13:40 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2010-02-01 13:39 . 2010-02-01 13:39 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-01 13:39 . 2010-02-01 13:31 -------- d-----w- c:\program files\Canon
2010-02-01 13:37 . 2010-02-01 13:37 -------- d-----w- c:\program files\Common Files\CANON
2010-02-01 13:34 . 2010-02-01 13:34 -------- d--h--w- c:\programdata\CanonBJ
2010-02-01 13:31 . 2010-02-01 13:31 -------- d--h--w- c:\program files\CanonBJ
2010-02-01 11:27 . 2009-06-18 05:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-01 09:38 . 2010-02-01 09:39 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb88F0.tmp.exe
2010-02-01 09:06 . 2010-02-01 09:06 -------- d-----w- c:\programdata\Alwil Software
2010-02-01 09:06 . 2009-04-26 15:12 -------- d-----w- c:\program files\Alwil Software
2010-02-01 08:17 . 2009-04-26 19:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-01 07:51 . 2009-10-24 15:52 -------- d-----w- c:\program files\Tracker Software
2010-01-07 15:07 . 2009-04-26 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-26 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-03-01 13:35 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-01 13:35 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-01 13:35 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-01 13:35 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-02-01 11:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-01 11:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-01 11:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-01 11:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-26 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-03-01 126976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe [2007-3-27 319488]
fafa.exe [2002-2-6 380928]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Contascatti Timtimer.lnk - c:\program files\timtimer\timtimer.EXE [2010-2-18 952832]
Desktop Media.lnk - c:\program files\Desktop Media\mediadetect.exe [2009-8-8 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-26 15:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):dd,f8,ef,72,10,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-591118512-1012999529-1679452353-1003]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 16:35]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 13:37]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 13:37]

2010-03-15 c:\windows\Tasks\User_Feed_Synchronization-{A2658485-D3D8-4A65-9E99-ABC6802B59CE}.job
- c:\windows\system32\msfeedssync.exe [2010-02-01 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/intl/it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Felix - c:\program files\ScreenMates\felix.exe
HKCU-Run-Puppy - c:\program files\ScreenMates\puppy.exe
HKCU-Run-Felix II - c:\program files\ScreenMates\Felix II\Felix2.exe
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-AceMoney Lite_is1 - d:\downloads\AceMoney\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 18:43
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(4868)
c:\windows\system32\igdumd32.dll
c:\program files\VistaCodecPack\filters\ffdshow.ax
c:\program files\VistaCodecPack\filters\libavcodec.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
.
Ora fine scansione: 2010-03-15 18:46:58
ComboFix-quarantined-files.txt 2010-03-15 17:46

Pre-Run: 19.457.257.472 byte disponibili
Post-Run: 19.634.606.080 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 6F98F1899BC71E674C112F27E623999A
shapiro
Posted: Monday, March 15, 2010 7:20:24 PM
you have to run combofix from the desktop

uninstall it with this tool

run it
Click on CleanUp.
When asked to reboot click YES


download combofix to the desktop again

start the scan and post the new report
capriccio10
Posted: Monday, March 15, 2010 9:45:12 PM
I hope I did it right this time....


ComboFix 10-03-15.01 - Lilly 15/03/2010 21.29.00.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3061.1877 [GMT 1:00]
Eseguito da: c:\users\Lilly\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-02-15 al 2010-03-15 )))))))))))))))))))))))))))))))))))
.

2010-03-15 20:35 . 2010-03-15 20:35 -------- d-----w- c:\users\Lilly\AppData\Local\temp
2010-03-15 20:35 . 2010-03-15 20:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-15 20:35 . 2010-03-15 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-15 06:39 . 2010-03-15 06:39 -------- d-----w- c:\program files\Trend Micro
2010-03-14 09:57 . 2010-03-14 09:57 -------- d--h--w- c:\programdata\CanonIJEGV
2010-03-13 13:07 . 2010-03-13 13:27 -------- d-----w- c:\users\Lilly\AppData\Roaming\Canon
2010-03-13 12:53 . 2010-03-13 13:52 -------- d-----w- c:\users\Lilly\AppData\Local\Canon Easy-PhotoPrint EX
2010-03-13 12:53 . 2010-03-13 12:53 -------- d--h--w- c:\programdata\CanonIJEPPEX
2010-03-13 10:15 . 2010-03-13 10:17 -------- d-----w- c:\users\Lilly\AppData\Roaming\PhotoFiltre
2010-03-13 10:15 . 2010-03-13 10:15 -------- d-----w- c:\program files\PhotoFiltre
2010-03-12 07:13 . 2010-03-12 08:37 -------- d-----w- C:\Fraps
2010-03-10 06:32 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 06:32 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 06:32 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 17:09 . 2010-03-09 17:09 -------- d-----w- c:\program files\Microsoft
2010-03-08 08:37 . 2010-03-08 08:37 -------- d-----w- c:\program files\CrystalDiskInfo
2010-03-07 17:09 . 2010-03-07 17:09 -------- d-----w- c:\users\Lilly\AppData\Local\Stardock
2010-03-07 10:16 . 2010-03-07 10:16 194 ----a-w- c:\users\Lilly\AppData\Roaming\DelAll.bat
2010-03-07 10:11 . 2010-03-07 10:11 -------- d-----w- c:\program files\MyFelix
2010-03-05 17:33 . 2010-03-05 17:33 -------- d-----w- c:\users\Lilly\AppData\Local\PackageAware
2010-03-05 17:07 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-03-03 07:29 . 2010-03-03 07:29 568832 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-03-03 07:29 . 2010-03-03 07:29 686080 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-03-03 07:29 . 2010-03-03 07:29 655872 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-03-03 07:29 . 2010-03-03 07:29 583168 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-03-03 07:29 . 2010-03-03 07:29 224768 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\B7AC.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-03-02 11:14 . 2010-03-02 11:14 -------- d-----w- c:\program files\JRE
2010-03-01 16:21 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-01 16:21 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-01 13:41 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-01 13:41 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-01 13:41 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-01 13:41 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-01 13:41 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-01 13:41 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-01 13:41 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-01 13:41 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-01 13:41 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-01 13:38 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-01 13:38 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-01 13:35 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-01 13:35 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-01 13:35 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-01 13:33 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-03-01 13:24 . 2010-03-02 06:30 -------- d-----w- c:\users\Lilly\AppData\Local\IM
2010-03-01 13:23 . 2010-03-01 13:23 -------- d-----w- c:\programdata\IncrediMail
2010-03-01 13:23 . 2010-03-01 13:25 -------- d-----w- c:\programdata\IM
2010-03-01 13:07 . 2010-03-01 13:06 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD106.tmp.exe
2010-03-01 12:58 . 2010-03-01 12:58 -------- d-----w- c:\program files\National Instruments

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 20:26 . 2009-07-04 08:10 -------- d-----w- c:\users\Lilly\AppData\Roaming\Orbit
2010-03-15 20:20 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-03-15 20:20 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-03-15 20:16 . 2009-04-26 09:52 108888 ----a-w- c:\users\Lilly\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-15 20:13 . 2009-06-18 06:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-15 20:10 . 2009-04-26 15:34 -------- d-----w- c:\programdata\Google Updater
2010-03-14 10:05 . 2010-02-01 13:39 -------- d-----w- c:\programdata\CanonIJPLM
2010-03-14 08:48 . 2009-06-20 20:32 1 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-10 06:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 11:24 . 2010-02-01 09:06 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-01 09:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-01 09:07 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-01 09:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-01 09:07 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-09 11:08 . 2010-02-01 09:07 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-07 09:07 . 2009-04-26 15:32 -------- d-----w- c:\program files\Google
2010-03-06 17:30 . 2009-10-14 12:29 -------- d-----w- c:\program files\CCleaner
2010-03-02 11:14 . 2009-04-26 15:55 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-02 11:14 . 2009-04-26 15:54 -------- d-----w- c:\program files\Common Files\Java
2010-03-02 11:13 . 2009-04-26 19:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 11:13 . 2009-04-26 15:54 -------- d-----w- c:\program files\Java
2010-03-01 12:58 . 2009-10-09 11:30 -------- d-----w- c:\program files\timtimer
2010-03-01 11:15 . 2009-04-26 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-24 08:16 . 2009-10-09 08:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-11 18:53 . 2010-02-01 09:06 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-01 14:43 . 2009-10-10 16:09 -------- d-----w- c:\program files\CDBurnerXP
2010-02-01 13:56 . 2009-04-26 19:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-01 13:46 . 2009-06-18 04:42 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-01 13:40 . 2010-02-01 13:40 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2010-02-01 13:39 . 2010-02-01 13:39 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2010-02-01 13:39 . 2010-02-01 13:31 -------- d-----w- c:\program files\Canon
2010-02-01 13:37 . 2010-02-01 13:37 -------- d-----w- c:\program files\Common Files\CANON
2010-02-01 13:34 . 2010-02-01 13:34 -------- d--h--w- c:\programdata\CanonBJ
2010-02-01 13:31 . 2010-02-01 13:31 -------- d--h--w- c:\program files\CanonBJ
2010-02-01 11:27 . 2009-06-18 05:36 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-01 09:38 . 2010-02-01 09:39 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb88F0.tmp.exe
2010-02-01 09:06 . 2010-02-01 09:06 -------- d-----w- c:\programdata\Alwil Software
2010-02-01 09:06 . 2009-04-26 15:12 -------- d-----w- c:\program files\Alwil Software
2010-02-01 08:17 . 2009-04-26 19:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-01 07:51 . 2009-10-24 15:52 -------- d-----w- c:\program files\Tracker Software
2010-01-07 15:07 . 2009-04-26 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-04-26 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-03-01 13:35 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-01 13:35 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-03-01 13:35 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-01 13:35 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-02-01 11:11 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-01 11:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-01 11:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-01 11:11 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-26 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2010-03-01 126976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe [2007-3-27 319488]
fafa.exe [2002-2-6 380928]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Contascatti Timtimer.lnk - c:\program files\timtimer\timtimer.EXE [2010-2-18 952832]
Desktop Media.lnk - c:\program files\Desktop Media\mediadetect.exe [2009-8-8 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-26 15:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):dd,f8,ef,72,10,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-591118512-1012999529-1679452353-1003]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2008-08-06 216032]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2008-05-20 15328]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 16:35]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 13:37]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 13:37]

2010-03-15 c:\windows\Tasks\User_Feed_Synchronization-{A2658485-D3D8-4A65-9E99-ABC6802B59CE}.job
- c:\windows\system32\msfeedssync.exe [2010-02-01 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/intl/it/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 21:35
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(5876)
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\igdumd32.dll
c:\program files\VistaCodecPack\filters\ffdshow.ax
c:\progra~1\SPYBOT~1\SDHelper.dll
.
Ora fine scansione: 2010-03-15 21:38:20
ComboFix-quarantined-files.txt 2010-03-15 20:38

Pre-Run: 19.537.321.984 byte disponibili
Post-Run: 19.467.583.488 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 09A09E04D71A2E559B8BCC95A4EC016E
capriccio10
Posted: Tuesday, March 16, 2010 11:34:18 AM

Rank: AiutAmico

Member since: 4/15/2008
Posts: 263
This morning I noticed something... in Install/Uninstall Programs, most of the programs show as installed yesterday... could that have been ComboFix?
One more thing... can I uninstall it?
shapiro
Posted: Tuesday, March 16, 2010 12:19:35 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
Does the C:\Fraps folder contain any videos? Do you recognise it?

Go here and analyse this file:

c:\windows\system32\ieUnatt.exe
capriccio10
Posted: Tuesday, March 16, 2010 1:50:41 PM

Rank: AiutAmico

Member since: 4/15/2008
Posts: 263
I don't recognise the C:\Fraps folder; in any case, it is empty...

windows\system32\ieUnatt.exe... this is the scan
shapiro
Posted: Tuesday, March 16, 2010 1:56:04 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
If you don't have a program called Fraps, delete the folder even though it is empty.

Re-analyse the file and post the report.
capriccio10
Posted: Tuesday, March 16, 2010 2:14:05 PM

Rank: AiutAmico

Member since: 4/15/2008
Posts: 263
Now, looking more closely, it isn't exactly the file you pointed to...

Which one should I analyse?
shapiro
Posted: Tuesday, March 16, 2010 4:25:41 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164

c:\windows\system32\ieUnatt.exe
capriccio10
Posted: Tuesday, March 16, 2010 6:09:13 PM

Rank: AiutAmico

Member since: 4/15/2008
Posts: 263

I don't understand which report you mean... nor which file... I can't find the one you pointed to...
Anyway, I'm analysing the first of the two shown in the picture...

a-squared 4.0.0.101 2009/05/29 --
AhnLab-V3 5.0.0.2 2009/05/28 --
AntiVir 7.9.0.180 2009/05/28 --
Antiy-AVL 2.0.3.1 2009/05/27 --
Authentium 5.1.2.4 2009/05/29 --
Avast 4.8.1335.0 2009/05/29 --
AVG 8.5.0.339 2009/05/28 --
BitDefender 7,2 2009/05/29 --
CAT-QuickHeal 10,00 2009/05/29 --
ClamAV 0.94.1 2009/05/29 --
Comodo 1203 2009/05/28 --
DrWeb 5.0.0.12182 2009/05/29 --
eSafe 7.0.17.0 2009/05/27 --
eTrust-Vet 31.6.6527 2009/05/29 --
F-Prot 4.4.4.56 2009/05/29 --
F-Secure 8.0.14470.0 2009/05/29 --
Fortinet 3.117.0.0 2009/05/29 --
GData 19 2009/05/29 --
Ikarus T3.1.1.57.0 2009/05/29 --
K7AntiVirus 7.10.748 2009/05/28 --
McAfee 5629 2009/05/28 --
McAfee Artemis + 5629 2009/05/28 --
McAfee-GW-Edition 6.7.6 2009/05/28 --
Microsoft 1,4701 2009/05/28 --
NOD32 4114 2009/05/29 --
Norman 2009/05/28 --
nProtect 2009.1.8.0 2009/05/28 --
Panda 10.0.0.14 2009/05/28 --
PCTools 4.4.2.0 2009/05/21 --
Prevx 3,0 2009/05/29 --
Rising 21.31.21.00 2009/05/27 --
Sophos 4.42.0 2009/05/29 --
Sunbelt 3.2.1858.2 2009/05/29 --
Symantec 1.4.4.12 2009/05/29 --
TheHacker 6.3.4.3.334 2009/05/29 --
TrendMicro 8.950.0.1092 2009/05/28 --
VBA32 3.12.10.6 2009/05/27 --
ViRobot 2009.5.28.1759 2009/05/28 --
VirusBuster 4.6.5.0 2009/05/28 --
Informazioni addizionali
Dimensione: 2560 bytes
MD5: d619dee39fd93488dabdb074f680e910
SHA1: cdfd334587e3b28e7466c4c9d4f95f3b40a5b4f2
SHA256: b8cbe146af919cb276f8948a692476f2043de4faa34250788ddb2752aedb752a
PEInfo: PE le informazioni sulla struttura

(Basi di dati)
entrypointaddress.: 0x0
timedatestamp .....: 0x49B3ACF5 (Sun Mar 8 12:33:09 2009)
machinetype .......: 0x14c (Intel i386)

(2 sezioni)
Nome viradd rawdsiz virsiz ntrpy md5
. rsrc 0x1000 0x1000 0x600 3,42 c5049ddf1b5b2606fa75457a781b5d8d
. reloc 0x2000 0x8 0x200 0,02 2c38765194d27b75f56d0565088a53ee

(0 importazioni)


(0 esportazioni)

TrID: identificazione del tipo di file
Generic Win / DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 48: K1927vv9q/sRoZWE + ovvO89URxt1LE/Gvvg0: jvv9qQkWbovb9Ut1Qmvx
PEiD: --
RDS: NSRL Reference Data Set
