Hello, this combofix log doesn't convince me much.
R16, what do you think, does it need a script?
ComboFix 10-04-09.06 - Metallo 10/04/2010 13.56.50.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1535.1129 [GMT 2:00]
Eseguito da: c:\documents and settings\Metallo\Documenti\Download\ComboFix.exe
AV: Kaspersky PURE *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky PURE *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\install.exe
.
((((((((((((((((((((((((( Files Creati Da 2010-03-10 al 2010-04-10 )))))))))))))))))))))))))))))))))))
.
2010-04-09 18:59 . 2010-04-09 18:59 -------- d-----w- c:\programmi\Sophos
2010-04-09 17:42 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-09 17:41 . 2010-04-09 17:41 -------- d-----w- c:\programmi\Panda Security
2010-04-09 11:55 . 2010-04-09 11:55 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity
2010-04-09 10:40 . 2010-04-09 10:40 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Nero
2010-04-09 10:38 . 2010-04-09 10:39 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Nero
2010-04-08 19:44 . 2010-04-08 19:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-08 11:20 . 2010-04-08 11:20 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 11:19 . 2010-04-08 11:20 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-04-08 11:19 . 2010-04-08 11:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-04-08 11:19 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 11:03 . 2010-04-08 11:03 -------- d-----w- c:\programmi\MSXML 4.0
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\programmi\Cakewalk
2010-04-08 00:37 . 2010-04-08 00:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Cakewalk
2010-04-07 23:43 . 2010-04-07 23:43 -------- d-----w- c:\programmi\ASIO4ALL v2
2010-04-07 23:42 . 2010-04-08 00:37 -------- d-----w- c:\programmi\VstPlugins
2010-04-07 23:42 . 2006-06-20 08:56 225280 ----a-w- c:\windows\system32\rewire.dll
2010-04-07 23:42 . 2010-04-07 23:42 -------- d-----w- c:\programmi\Outsim
2010-04-07 23:40 . 2010-04-07 23:43 -------- d-----w- c:\programmi\Image-Line
2010-04-07 23:06 . 2010-04-08 11:15 -------- d-----w- c:\documents and settings\Metallo\Tracing
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Microsoft
2010-04-07 23:02 . 2010-04-07 23:02 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-04-07 23:02 . 2010-04-07 23:03 -------- d-----w- c:\programmi\Windows Live
2010-04-07 22:44 . 2010-04-07 22:44 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-04-07 22:08 . 2010-04-07 22:19 -------- d-----w- c:\programmi\Nero
2010-04-07 22:08 . 2010-04-07 22:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-04-07 22:08 . 2010-04-07 22:16 -------- d-----w- c:\programmi\File comuni\Nero
2010-04-07 15:09 . 2010-04-07 15:09 52224 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-07 15:09 . 2010-04-07 15:09 117760 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\SUPERAntiSpyware.com
2010-04-07 15:09 . 2010-04-07 15:09 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-04-06 20:54 . 2010-02-25 10:00 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-06 20:54 . 2010-02-25 09:53 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-06 20:54 . 2010-04-06 20:54 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\TuneUp Software
2010-04-06 20:53 . 2010-04-06 20:54 -------- d-----w- c:\programmi\TuneUp Utilities 2010
2010-04-06 20:53 . 2010-04-06 20:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2010-04-06 20:51 . 2010-04-06 20:51 -------- d-sh--w- c:\documents and settings\All Users\Dati applicazioni\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-06 10:47 . 2010-04-06 10:47 -------- d-----w- c:\programmi\SEGA
2010-04-05 22:26 . 2010-04-05 22:26 -------- d-----w- c:\windows\Sun
2010-04-05 11:54 . 2008-04-13 09:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-04 19:50 . 2010-04-04 19:50 50354 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\uninstall.exe
2010-04-04 19:50 . 2010-04-04 19:50 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\Facebook
2010-04-04 17:27 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-04 17:03 . 2010-04-05 22:45 138880 ----a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-04-04 16:20 . 2010-04-04 16:20 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-04 15:41 . 2010-04-04 17:45 -------- d-----w- c:\programmi\Thief - Deadly Shadows
2010-04-03 23:32 . 2010-04-03 23:32 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-04-03 23:01 . 2010-04-03 23:01 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-04-03 23:00 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-03 22:50 . 2010-04-03 22:50 -------- d-----w- c:\programmi\Electronic Arts
2010-04-03 15:54 . 2008-04-13 17:13 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-04-03 14:17 . 2010-04-03 14:17 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Activision
2010-04-03 13:32 . 2010-04-03 13:32 -------- d-----w- c:\programmi\Activision
2010-04-03 13:30 . 2010-04-03 13:30 -------- d-sh--w- c:\windows\ftpcache
2010-04-03 13:18 . 2010-04-03 13:18 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-03 13:18 . 2010-04-03 13:18 -------- d-----w- c:\programmi\OpenAL
2010-04-03 13:18 . 2010-04-03 13:18 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-03 13:00 . 2010-04-04 19:46 -------- d-----w- c:\programmi\I'm Not Alone
2010-04-03 12:13 . 2010-04-03 12:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinZip
2010-04-03 12:11 . 2010-04-03 12:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-04-03 12:09 . 2010-04-03 13:30 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\DAEMON Tools Lite
2010-04-03 12:09 . 2010-04-03 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2010-04-03 11:11 . 2010-04-03 11:11 -------- d-sh--w- c:\documents and settings\Metallo\PrivacIE
2010-04-03 11:09 . 2010-04-03 11:09 -------- d-----w- c:\programmi\CCleaner
2010-04-03 11:05 . 2010-04-03 11:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-04-03 04:38 . 2010-04-03 04:38 -------- d-----w- c:\windows\system32\Lang
2010-04-03 04:37 . 2010-04-03 04:37 -------- d-sh--w- c:\documents and settings\Metallo\IETldCache
2010-04-03 04:27 . 2010-04-03 04:27 -------- d-----w- c:\windows\system32\RTCOM
2010-04-03 04:01 . 2010-04-08 03:32 -------- d-----w- c:\programmi\JDownloader
2010-04-03 04:01 . 2010-04-03 04:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-03 04:00 . 2010-04-03 04:00 -------- d-----w- c:\programmi\Java
2010-04-03 04:00 . 2010-04-03 04:00 152576 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2010-04-03 03:24 . 2010-02-25 06:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-03 03:24 . 2010-02-25 06:16 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-03 03:24 . 2010-02-25 06:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-03 03:24 . 2010-02-25 09:46 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-03 03:24 . 2010-02-25 06:16 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-03 03:24 . 2010-02-25 06:16 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-03 03:24 . 2010-04-04 01:02 -------- d-----w- c:\windows\ie8updates
2010-04-03 03:24 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-03 03:22 . 2010-04-03 03:24 -------- dc-h--w- c:\windows\ie8
2010-04-03 03:21 . 2010-04-03 03:21 0 ----a-w- c:\windows\nsreg.dat
2010-04-03 03:21 . 2010-04-03 03:21 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-03 03:17 . 2010-04-03 03:17 -------- d-----w- c:\windows\Logs
2010-04-03 03:08 . 2010-04-03 03:08 -------- d-----w- c:\programmi\ATI
2010-04-03 03:07 . 2010-04-03 03:07 -------- d-----w- C:\ATI
2010-04-03 02:52 . 2010-04-03 02:52 -------- d-----w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\KRX
2010-04-03 02:52 . 2010-04-08 10:58 13304 ----a-w- c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-03 02:44 . 2010-04-03 02:45 -------- d-----w- C:\32cd1ce6810e9b04986218
2010-04-03 02:44 . 2010-04-03 02:50 -------- d-----w- c:\windows\SxsCaPendDel
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\MSBuild
2010-04-03 02:29 . 2010-04-03 02:48 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-03 02:29 . 2010-04-03 02:29 -------- d-----w- c:\programmi\Reference Assemblies
2010-04-03 02:29 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-03 02:29 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-04-03 02:16 . 2010-04-03 02:16 -------- d-----w- c:\windows\system32\KB905474
2010-04-03 02:16 . 2009-03-10 20:26 1437568 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-03 02:16 . 2009-03-10 20:18 454016 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 12:08 . 2010-04-03 00:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-04-08 14:39 . 2008-04-13 09:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-08 11:45 . 2010-04-03 01:14 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\uTorrent
2010-04-06 21:05 . 2004-08-19 11:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-04-06 10:47 . 2010-04-03 00:51 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-03 22:18 . 2010-04-02 23:30 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-03 04:38 . 2004-08-19 11:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-03 04:38 . 2004-08-19 11:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-03 04:26 . 2010-04-03 04:26 -------- d-----w- c:\programmi\Realtek
2010-04-03 04:25 . 2010-04-03 00:51 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-04-03 01:36 . 2010-04-03 01:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Office Genuine Advantage
2010-04-03 01:18 . 2010-04-03 01:18 -------- d-----w- c:\documents and settings\Metallo\Dati applicazioni\AskToolbar
2010-04-03 01:15 . 2010-04-03 01:15 -------- d-----w- c:\programmi\Ask.com
2010-04-03 01:15 . 2010-04-03 01:15 -------- d-----w- c:\programmi\uTorrent
2010-04-03 00:39 . 2010-04-03 00:39 10134 ----a-r- c:\documents and settings\Metallo\Dati applicazioni\Microsoft\Installer\{F16DCA31-4DB4-F8F6-5ED1-6FAFB7228FFF}\ARPPRODUCTICON.exe
2010-04-03 00:37 . 2010-04-03 00:36 -------- d-----w- c:\programmi\Driver Cleaner Pro
2010-04-03 00:14 . 2010-04-03 00:14 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-03 00:11 . 2010-04-03 00:11 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-03 00:11 . 2010-04-03 00:11 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-03 00:11 . 2010-04-03 00:11 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-03 00:11 . 2010-04-03 00:11 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-03 00:11 . 2010-04-03 00:11 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-03 00:06 . 2010-04-03 00:06 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-03 00:06 . 2010-04-03 00:06 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\File comuni\InfoWatch
2010-04-03 00:05 . 2010-04-03 00:05 -------- d-----w- c:\programmi\Kaspersky Lab
2010-04-03 00:04 . 2010-04-03 00:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-04-02 23:31 . 2010-04-02 23:31 -------- d-----w- c:\programmi\microsoft frontpage
2010-04-02 23:30 . 2010-04-02 23:30 -------- d-----w- c:\programmi\Servizi in linea
2010-04-02 23:28 . 2010-04-02 23:28 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-26 16:21 . 2010-04-03 04:26 5883936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-26 16:01 . 2010-04-03 04:26 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-26 16:01 . 2010-04-03 04:26 358944 ----a-w- c:\windows\vncutil.exe
2010-03-26 16:01 . 2010-04-03 04:26 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-26 16:01 . 2010-04-03 04:26 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-26 16:01 . 2010-04-03 04:26 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-26 16:01 . 2010-04-03 04:26 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-26 16:01 . 2010-04-03 04:26 19522592 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-26 16:01 . 2010-04-03 04:26 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-26 16:01 . 2010-04-03 04:26 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-22 12:22 . 2010-04-03 04:26 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
2010-03-03 04:21 . 2010-04-03 00:14 4630016 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-03-03 04:07 . 2010-04-03 00:52 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-03-03 04:02 . 2010-04-03 00:14 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-03-03 04:01 . 2010-04-03 00:14 3641344 ----a-w- c:\windows\system32\aticaldd.dll
2010-03-03 03:44 . 2010-04-03 00:14 14262272 ----a-w- c:\windows\system32\atioglxx.dll
2010-03-03 03:40 . 2010-04-03 00:14 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-03-03 03:40 . 2010-04-03 00:14 3616096 ----a-w- c:\windows\system32\ati3duag.dll
2010-03-03 03:39 . 2010-04-03 00:14 301056 ----a-w- c:\windows\system32\ati2dvag.dll
2010-03-03 03:24 . 2007-12-21 02:59 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-03-03 03:24 . 2010-04-03 00:14 2232320 ----a-w- c:\windows\system32\ativvaxx.dll
2010-03-03 03:24 . 2007-12-21 02:59 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-03-03 03:24 . 2010-04-03 00:14 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-03-03 03:24 . 2010-04-03 00:14 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-03-03 03:24 . 2007-12-21 02:59 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-03-03 03:24 . 2007-12-21 02:59 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-03-03 03:23 . 2010-04-03 00:14 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-03-03 03:22 . 2007-12-21 02:57 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-03-03 03:21 . 2007-12-21 02:56 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-03-03 03:20 . 2010-04-03 00:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-03-03 03:16 . 2010-04-03 00:14 565248 ----a-w- c:\windows\system32\atikvmag.dll
2010-03-03 03:15 . 2010-04-03 00:14 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-03-03 03:14 . 2007-12-21 02:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-03-03 03:14 . 2010-04-03 00:14 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-03-03 03:09 . 2010-04-03 00:14 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2010-03-03 03:07 . 2007-12-21 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-03-03 03:07 . 2010-04-03 00:14 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2010-02-25 19:55 . 2010-04-03 00:52 201875 ----a-w- c:\windows\system32\atiicdxx.dat
2010-02-25 06:16 . 2008-04-13 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-12 10:50 . 2010-02-12 10:50 64048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky PURE 9.0.0.192\Italian\setup.exe
2010-02-04 08:01 . 2010-04-03 03:19 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-03 03:19 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-03 03:19 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-01 1197448]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-01 09:43 1197448 ----a-w- c:\programmi\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-01 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programmi\Ask.com\GenericAskToolbar.dll" [2010-03-01 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2009-12-25 14:42 129552 ----a-w- c:\programmi\Kaspersky Lab\Kaspersky PURE\shellex.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky PURE\avp.exe" [2009-12-25 340456]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"muBlinder"="c:\documents and settings\Metallo\Desktop\muBlinder.exe" [2010-03-28 1462784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [03/04/2010 2.05.47 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/04/2010 19.42.19 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/04/2010 14.11.13 691696]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [03/04/2010 2.05.49 39352]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 11.25.50 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2010 11.15.58 66632]
R2 CSObjectsSrv;Servizio di controllo CryptoStorage;c:\programmi\File comuni\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [21/12/2009 17.34.38 743992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25/02/2010 11.57.22 1047880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [17/02/2010 11.15.58 12872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 10.18.08 10064]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/04/2010 6.26.36 1691480]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\102.tmp --> c:\windows\system32\102.tmp [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programmi\Ask.com\UpdateTask.exe [2010-03-01 09:43]
2010-04-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-03 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Metallo\Dati applicazioni\Mozilla\Firefox\Profiles\bcwzse2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\documents and settings\Metallo\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Metallo\Impostazioni locali\Dati applicazioni\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Notify-WgaLogon - (no file)
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 14:08
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88C4CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74dbf28
\Driver\ACPI -> ACPI.sys @ 0xf7333cb8
\Driver\atapi -> atapi.sys @ 0xf72b4b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf71bdbb0
PacketIndicateHandler -> NDIS.sys @ 0xf71aca0d
SendHandler -> NDIS.sys @ 0xf71c0b40
user & kernel MBR OK
malicious code @ sector 0x950e4c1 size 0x1e4 !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\102.tmp"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\WININET.dll
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
- - - - - - - > 'lsass.exe'(1424)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
c:\programmi\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wpabaln.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-10 14:14:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-10 12:14
Pre-Run: 42.779.074.560 byte disponibili
Post-Run: 43.036.573.696 byte disponibili
- - End Of File - - 1E3A7AC58890F1BD7FCDE37106DDAE67