Oggi è successa una cosa strana quando ho riacceso il pc.... Window bloccava un programma ad esecuzione automatica.....proprio Malwarebytes....... strano perchè non è un programma ad avvio automatico se no sbaglio.... comunque ecco il log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.02.15, on 12/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Lilly\Downloads\AveThumbnailSizer(1)\32bits\AveThumbnailSizer.exe
C:\Program Files\timtimer\timtimer.EXE
C:\Program Files\Desktop Media\mediadetect.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fafa.exe
C:\Users\Lilly\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Lilly\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AveThumbnail] C:\Users\Lilly\Downloads\AveThumbnailSizer(1)\32bits\AveThumbnailSizer.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Acer Empowering Technology.lnk = ?
O4 - Startup: fafa.exe
O4 - Global Startup: Contascatti Timtimer.lnk = C:\Program Files\timtimer\timtimer.EXE
O4 - Global Startup: Desktop Media.lnk = C:\Program Files\Desktop Media\mediadetect.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9360 bytes

Ecco il log di Combofix.... scusa cosè l sp3?


ComboFix 10-04-12.04 - Lilly 13/04/2010 7.30.04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3061.1879 [GMT 2:00]
Eseguito da: c:\users\Lilly\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-03-13 al 2010-04-13 )))))))))))))))))))))))))))))))))))
.

2010-04-13 05:36 . 2010-04-13 05:37 -------- d-----w- c:\users\Lilly\AppData\Local\temp
2010-04-13 05:36 . 2010-04-13 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-12 17:01 . 2010-04-12 17:01 -------- d-----w- c:\program files\Trend Micro
2010-04-11 17:05 . 2010-04-12 06:46 -------- d-----w- c:\program files\Common Files\eBay
2010-04-11 17:05 . 2010-04-11 17:05 -------- d-----w- c:\program files\VDOWNLOADER
2010-04-11 14:08 . 2010-04-11 14:08 -------- d-----w- c:\program files\DsNET Corp
2010-04-11 13:57 . 2010-04-11 14:14 -------- d-----w- c:\program files\Orbitdownloader
2010-04-10 14:07 . 2010-04-10 14:07 -------- d-----w- c:\programdata\Azureus
2010-04-10 14:07 . 2010-04-10 14:29 -------- d-----w- c:\users\Lilly\AppData\Roaming\Azureus
2010-04-03 16:37 . 2010-04-03 16:37 -------- d-----w- c:\programdata\Softland
2010-04-03 16:37 . 2010-02-08 15:24 173056 ----a-w- c:\users\Lilly\AppData\Roaming\Softland\FBackup 4\Plugins\OutlookExpressSources.dll
2010-04-03 16:37 . 2010-04-03 16:37 -------- d-----w- c:\users\Lilly\AppData\Roaming\Softland
2010-04-03 16:37 . 2010-04-03 16:37 -------- d-----w- c:\program files\Softland
2010-04-02 17:22 . 2010-04-02 17:22 -------- d-----w- c:\users\Lilly\AppData\Local\Mozilla
2010-04-02 07:34 . 2010-04-02 07:34 -------- d-----w- c:\users\Lilly\AppData\Local\Opera
2010-03-31 05:14 . 2010-04-04 17:33 -------- d-----w- c:\windows\system32\oodag
2010-03-29 13:36 . 2010-04-03 17:02 -------- d-----r- c:\users\Lilly\Giochi
2010-03-29 13:30 . 2010-03-29 13:30 -------- d-----w- c:\program files\OO Software
2010-03-21 15:09 . 2010-03-21 15:09 568832 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\717A.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-03-21 15:09 . 2010-03-21 15:09 686080 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\717A.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-03-21 15:09 . 2010-03-21 15:09 655872 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\717A.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-03-21 15:09 . 2010-03-21 15:09 583168 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\717A.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-03-21 15:09 . 2010-03-21 15:09 224768 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\717A.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-03-21 15:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-21 15:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-21 15:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-21 14:48 . 2010-03-21 14:48 43646 ----a-r- c:\users\Lilly\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_D707CE1C009F1381803C2C.exe
2010-03-21 14:48 . 2010-03-21 14:48 43646 ----a-r- c:\users\Lilly\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_33E47820CFD4F5D3775329.exe
2010-03-21 14:48 . 2010-03-21 14:48 43646 ----a-r- c:\users\Lilly\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_25E0DDF4BB5DA2E0BB26B4.exe
2010-03-21 14:48 . 2010-03-21 14:48 43646 ----a-r- c:\users\Lilly\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_21F3885A18D238E15AAE81.exe
2010-03-21 14:48 . 2010-03-21 14:48 29926 ----a-r- c:\users\Lilly\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_EABE28F7A0A98A84188A78.exe
2010-03-21 14:48 . 2010-03-21 14:48 109534 ----a-r- c:\users\Lilly\AppData\Roaming\Microsoft\Installer\{DB35267F-B5C6-495C-8407-75ADC34E759D}\_6FEFF9B68218417F98F549.exe
2010-03-21 14:48 . 2010-03-21 14:48 -------- d-----w- c:\program files\Macrium
2010-03-21 14:13 . 2010-03-21 14:14 -------- d-----w- c:\users\Lilly\AppData\Roaming\PCToolsFirewallPlus
2010-03-21 14:10 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-21 14:10 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-21 14:10 . 2010-01-07 11:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-21 14:10 . 2010-01-07 11:40 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-03-21 14:09 . 2010-03-21 14:10 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-21 14:09 . 2010-01-12 08:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-21 14:09 . 2010-01-07 10:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-03-21 14:09 . 2010-01-07 10:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-21 14:09 . 2010-01-13 07:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-03-21 14:09 . 2010-03-21 14:39 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-03-21 14:08 . 2010-03-21 14:08 -------- d-----w- c:\program files\CrystalDiskInfo
2010-03-21 14:07 . 2010-03-21 14:07 -------- d-----w- c:\users\Lilly\AppData\Roaming\Canneverbe Limited
2010-03-21 14:01 . 2010-03-21 14:01 -------- d-----w- c:\program files\JRE
2010-03-21 13:48 . 2010-03-21 13:48 -------- d-----w- c:\users\Lilly\AppData\Roaming\PhotoFiltre
2010-03-21 13:48 . 2010-03-21 13:48 -------- d-----w- c:\program files\PhotoFiltre
2010-03-21 13:47 . 2002-02-06 09:44 380928 ----a-w- c:\users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fafa.exe
2010-03-17 08:51 . 2010-03-17 08:51 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-03-17 08:51 . 2010-03-17 08:51 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 05:26 . 2009-07-04 08:10 -------- d-----w- c:\users\Lilly\AppData\Roaming\Orbit
2010-04-13 05:13 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-04-13 05:13 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-04-12 17:51 . 2009-06-18 06:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-12 16:52 . 2009-04-26 15:34 -------- d-----w- c:\programdata\Google Updater
2010-04-12 07:40 . 2010-02-01 13:39 -------- d-----w- c:\programdata\CanonIJPLM
2010-04-11 13:45 . 2009-06-18 07:44 -------- d-----w- c:\programdata\eMule
2010-04-11 13:39 . 2009-06-18 06:06 -------- d-----w- c:\program files\eMule
2010-04-07 17:36 . 2009-06-20 20:32 1 ----a-w- c:\users\Lilly\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-03 05:33 . 2009-04-26 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 05:33 . 2009-06-18 04:42 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 17:35 . 2009-10-10 16:09 -------- d-----w- c:\program files\CDBurnerXP
2010-04-01 16:13 . 2009-04-26 15:32 -------- d-----w- c:\program files\Google
2010-03-31 16:50 . 2009-04-26 19:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-29 22:46 . 2009-04-26 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-04-26 19:54 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 15:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-21 14:54 . 2009-10-14 12:29 -------- d-----w- c:\program files\CCleaner
2010-03-21 14:06 . 2009-04-26 09:52 108888 ----a-w- c:\users\Lilly\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-21 14:01 . 2009-04-26 15:55 -------- d-----w- c:\program files\OpenOffice.org 3
2010-03-21 14:00 . 2009-04-26 15:54 -------- d-----w- c:\program files\Common Files\Java
2010-03-21 14:00 . 2009-04-26 19:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-21 14:00 . 2009-04-26 15:54 -------- d-----w- c:\program files\Java
2010-03-09 11:24 . 2010-02-01 09:06 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2010-02-01 09:07 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2010-02-01 09:07 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2010-02-01 09:07 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2010-02-01 09:07 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-09 11:08 . 2010-02-01 09:07 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-01 13:25 . 2010-03-01 13:23 -------- d-----w- c:\programdata\IM
2010-03-01 13:23 . 2010-03-01 13:23 -------- d-----w- c:\programdata\IncrediMail
2010-03-01 13:06 . 2010-03-01 13:07 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD106.tmp.exe
2010-03-01 12:58 . 2010-03-01 12:58 -------- d-----w- c:\program files\National Instruments
2010-03-01 12:58 . 2009-10-09 11:30 -------- d-----w- c:\program files\timtimer
2010-02-24 09:16 . 2009-10-09 08:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 08:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 08:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 08:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 08:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-11 18:53 . 2010-02-01 09:06 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-01 09:38 . 2010-02-01 09:39 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb88F0.tmp.exe
2010-01-25 12:00 . 2010-03-01 13:41 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-03-01 13:41 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-03-01 13:41 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-03-01 13:41 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-03-01 13:41 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-03-01 13:41 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-03-01 13:41 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-03-01 13:41 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-03-01 13:41 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-03-01 13:33 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-26 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Lilly\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-21 136176]
"AveThumbnail"="c:\users\Lilly\Downloads\AveThumbnailSizer(1)\32bits\AveThumbnailSizer.exe" [2007-07-16 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-30 2528512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

c:\users\Lilly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe [2007-3-27 319488]
fafa.exe [2002-2-6 380928]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Contascatti Timtimer.lnk - c:\program files\timtimer\timtimer.EXE [2010-2-19 952832]
Desktop Media.lnk - c:\program files\Desktop Media\mediadetect.exe [2009-8-8 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-26 15:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):dd,f8,ef,72,10,fa,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-591118512-1012999529-1679452353-1003]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 135664]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-19 80744]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2010-03-17 15328]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-01-07 233136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-23 88040]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-03-17 220128]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-12 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-01-07 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-01-13 115216]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 16:35]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 13:37]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 13:37]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591118512-1012999529-1679452353-1003Core.job
- c:\users\Lilly\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 14:54]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-591118512-1012999529-1679452353-1003UA.job
- c:\users\Lilly\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 14:54]

2010-04-13 c:\windows\Tasks\User_Feed_Synchronization-{A2658485-D3D8-4A65-9E99-ABC6802B59CE}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 07:37
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-04-13 07:40:13
ComboFix-quarantined-files.txt 2010-04-13 05:40

Pre-Run: 18.630.475.776 byte disponibili
Post-Run: 18.605.293.568 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 29480771D0E0179E020DB41595E27EED

Ho fatto tutto come hai detto e sembra tutto ok. Non c'erano ADS .... non ho visto nomi del genere perciò dovrebbe essere ok. Se vuoi ti posto il log.
Grazie per l'aiuto . Un'altra cosa... nel log di HT ci sono parecchie caselline corrispondenti a toolbar, tipo yahoo e mozilla firefox e opera che ho disinstallato e non adopero...... le posso cancellare?

Scusa non avevo capito.... rifaccio la procedura e cancello tutte le voci che aveva trovato... hai ragione sono tante..... Di nuovo grazie.Ciao

Sono di nuovo quì per un'altro aiuto..... ho rifatto tuto come hai spiegato, ma alla fine è uscita questa finestra....

In modalità provvisoria ha funzionato e ha cancellato tutto... di nuovo grazie e ciao....