I have followed the instructions in the "How To" guide and this is what I have done so far:
AVG Anti-Spyware scan results:
---------------------------------------------------------
AVG Anti-Spyware - Rapporto scansione
---------------------------------------------------------
+ Creato alle: 11.58.15 16/01/2008
+ Risultato scansione:
Nessun oggetto rilevato.
::Fine rapporto
It says it did not find any infected object.
Then I ran ATF Cleaner and rebooted.
Then I scanned with SUPERAntiSpyware, which also came out clean.
What worries me most is this:
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\laura\IMPOST~1\Temp\UIUCU.EXE -CLEAN_UP -S
It is something I have never seen before when scanning or using HijackThis.
The reason I think it might be a dialer is that when I browse, the page is very, very slow to load, and then at the top of the page it gives me this message: Error
Here is a new log from HijackThis that I just did again:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.09.06, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\laura\IMPOST~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196985546859
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B878003-08B3-48F3-8EA0-84A408B4CDD6}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{78AF5142-FCB9-4F85-977D-429FD1C71CD2}: NameServer = 62.211.69.150 212.48.4.15
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
--
End of file - 7343 bytes
I also have problems connecting; when it does connect, the bytes sent are very low while the bytes received are very high.
I have to disconnect and then reconnect many times before I am able to navigate.
Also, whenever I browse from one page to another, a pop-up window opens asking me: you have chosen to open "Ads" or "Google", what would you like to do?
Save or run?
As if it were a program I am opening every time.
I also did a scan with the Panda online scanner, but it did not give me a log, telling me that the computer was clean.
Please help, thank you so much for your time and patience.
EDIT: Here is a log of ComboFix I just got done:
ComboFix 08-01-17.1 - laura 2008-01-17 8.23.05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.294 [GMT 1:00]
Eseguito da: C:\Documents and Settings\laura\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\Autorun.inf
.
((((((((((((((((((((((((( Files Creati Da 2007-12-17 al 2008-01-17 )))))))))))))))))))))))))))))))))))
.
2008-01-17 08:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 19:16 . 2008-01-16 22:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-16 19:16 . 2008-01-16 22:46 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-16 19:16 . 2008-01-16 22:32 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-16 19:16 . 2008-01-16 22:32 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-16 16:23 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-16 16:23 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-16 16:23 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-16 16:23 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-16 16:23 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-16 16:23 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-16 16:23 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-16 16:23 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-16 16:15 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-16 15:43 . 2008-01-16 15:43 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-01-16 15:42 . 2008-01-16 15:42 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-16 13:14 . 2008-01-16 13:14 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Dati applicazioni\Grisoft
2008-01-16 13:13 . 2007-12-03 20:44 <DIR> d--h-c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Risorse di stampa
2008-01-16 13:13 . 2007-12-03 20:44 <DIR> d--h-c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Risorse di rete
2008-01-16 13:13 . 2007-12-03 20:44 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Preferiti
2008-01-16 13:13 . 2007-12-03 19:53 <DIR> d--h-c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Modelli
2008-01-16 13:13 . 2007-12-03 20:44 <DIR> dr---c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Menu Avvio
2008-01-16 13:13 . 2007-12-03 20:44 <DIR> d--h-c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Impostazioni locali
2008-01-16 13:13 . 2007-12-03 20:44 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Documenti
2008-01-16 13:13 . 2008-01-16 15:38 <DIR> dr-h-c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2.000\Dati applicazioni
2008-01-16 12:31 . 2008-01-16 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-16 12:31 . 2008-01-16 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\MailFrontier
2008-01-16 12:30 . 2008-01-16 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-01-16 11:33 . 2008-01-16 11:33 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2\Dati applicazioni\Grisoft
2008-01-16 11:32 . 2008-01-16 12:30 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2\Modelli
2008-01-16 11:32 . 2008-01-16 12:30 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2\Impostazioni locali
2008-01-16 11:32 . 2008-01-16 12:30 <DIR> d----c--- C:\Documents and Settings\Administrator.COSIMO-85A3DBD2\Dati applicazioni
2008-01-16 11:17 . 2008-01-16 22:40 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-01-16 11:17 . 2008-01-16 11:17 <DIR> d----c--- C:\Documents and Settings\laura\Dati applicazioni\SUPERAntiSpyware.com
2008-01-16 10:01 . 2008-01-16 10:01 <DIR> d-------- C:\Programmi\Trend Micro
2008-01-15 18:55 . 2008-01-15 18:55 <DIR> d-------- C:\Programmi\Alwil Software
2008-01-15 14:24 . 2008-01-15 15:35 <DIR> d-------- C:\Programmi\EsetOnlineScanner
2008-01-15 09:26 . 2008-01-16 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Modelli
2008-01-15 09:26 . 2008-01-16 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-15 09:26 . 2008-01-16 12:31 <DIR> d----c--- C:\Documents and Settings\Administrator\Dati applicazioni
2007-12-24 09:03 . 2007-12-24 09:03 <DIR> d----c--- C:\Documents and Settings\laura\Dati applicazioni\Nero
2007-12-24 09:01 . 2007-12-24 09:01 <DIR> d----c--- C:\Documents and Settings\All Users\Dati applicazioni\Ahead
2007-12-19 16:15 . 2007-12-19 16:15 <DIR> d----c--- C:\Documents and Settings\laura\Bluetooth Software
2007-12-19 16:12 . 2007-12-19 16:12 <DIR> d-------- C:\Programmi\WIDCOMM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:44 72,334 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-15 09:15 --------- d-----w C:\Programmi\CCleaner
2008-01-06 13:08 --------- d-----w C:\Programmi\eMule
2007-12-14 06:57 --------- d-----w C:\Programmi\File comuni\Adobe
2007-12-14 06:55 --------- dc----w C:\Documents and Settings\laura\Dati applicazioni\AdobeUM
2007-12-13 22:16 --------- d-----w C:\Programmi\Java
2007-12-13 21:29 --------- d-----w C:\Programmi\File comuni\Java
2007-12-13 11:01 --------- d-----w C:\Programmi\Sunbelt Software
2007-12-13 09:20 136,278 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_12_21_40_44_small.dmp.zip
2007-12-10 00:12 --------- d-----w C:\Programmi\Windows Live
2007-12-10 00:12 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-09 20:38 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-09 09:57 --------- d-----w C:\Programmi\Microsoft Works
2007-12-08 00:50 --------- d-----w C:\Programmi\Microsoft CAPICOM 2.1.0.2
2007-12-07 18:23 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2007-12-05 10:29 --------- dc----w C:\Documents and Settings\laura\Dati applicazioni\Grisoft
2007-12-05 10:29 --------- dc----w C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2007-12-04 17:17 --------- d-----w C:\Programmi\CONEXANT
2007-12-04 16:04 --------- dc----w C:\Documents and Settings\laura\Dati applicazioni\Symantec
2007-12-04 15:41 --------- dc----w C:\Documents and Settings\laura\Dati applicazioni\WinBatch
2007-12-04 15:22 --------- d-----w C:\Programmi\UIU
2007-12-04 14:12 296,640 ----a-w C:\WINDOWS\WBDCC34I.DLL
2007-12-03 21:03 --------- dc----w C:\Documents and Settings\laura\Dati applicazioni\Ahead
2007-12-03 19:45 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-12-03 19:45 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-03 19:26 --------- d-----w C:\Programmi\Microsoft.NET
2007-12-03 19:16 --------- d-----w C:\Programmi\File comuni\Ahead
2007-12-03 19:15 --------- d-----w C:\Programmi\Nero
2007-12-03 18:58 --------- d-----w C:\Programmi\microsoft frontpage
2007-12-03 18:56 --------- d-----w C:\Programmi\Servizi in linea
2007-12-03 18:55 --------- d-----w C:\Programmi\File comuni\MSSoap
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:42 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 09:00 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2006-03-01 19:43 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 01:59 8466432]
"nwiz"="nwiz.exe" [2007-08-28 01:59 1626112 C:\WINDOWS\system32\nwiz.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 16:17 90112]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 14:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 SetupSys;Conexant Setup API;C:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 09:58]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 08:26:58
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-01-17 8.28.21
ComboFix-quarantined-files.txt 2008-01-17 07:28:15
.
2008-01-16 14:46:43 --- E O F ---
Edited by jaguarteal, 17 January 2008 - 01:42 AM.
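As an added example (not part of the original post or of HijackThis itself), a small triage script that parses HijackThis O4 autorun lines like the ones in the log above and flags entries launched from a Temp directory, which is the detail the poster singled out. The sample lines are copied from the log above; the location heuristics are an assumption of this example, meant to prioritise review, not to give a verdict.

```python
import re

# Sample O4 lines taken from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UIUCU] C:\DOCUME~1\laura\IMPOST~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: BTTray.lnk = ?
"""

# HijackThis O4 entries come in two shapes:
#   O4 - <hive>\..\Run: [<value name>] <command line>
#   O4 - Global Startup: <shortcut>.lnk = <target>
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")

# Heuristic locations (assumed for this example): an autorun that lives in a
# Temp directory or under a user profile is unusual for legitimate software
# and deserves a closer look. A hit means "review", not "malware".
TEMP_DIRS = ("\\temp\\",)
PROFILE_DIRS = ("\\docume~1\\", "\\documents and settings\\", "\\users\\")


def parse_o4(line: str):
    """Return (hive_or_kind, value_name, command) for an O4 line, else None."""
    m = RUN_RE.match(line)
    if m:
        return m.group("hive"), m.group("name"), m.group("cmd")
    m = STARTUP_RE.match(line)
    if m:
        return "Global Startup", m.group("name"), m.group("cmd")
    return None


def assess(cmd: str):
    """Return the reasons an autorun command line deserves a closer look."""
    # Check the whole command line, so a rundll32 loading a DLL from Temp is caught too.
    low = cmd.lower().replace("/", "\\")
    reasons = []
    if any(d in low for d in TEMP_DIRS):
        reasons.append("runs from a Temp directory")
    elif any(d in low for d in PROFILE_DIRS):
        reasons.append("runs from a user profile directory")
    if low.strip() in ("?", "") or "(file missing)" in low:
        reasons.append("target could not be resolved")
    return reasons


def triage(log_text: str):
    """Return every O4 entry in the log that has at least one review reason."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if parsed is None:
            continue
        hive, name, cmd = parsed
        reasons = assess(cmd)
        if reasons:
            findings.append({"hive": hive, "name": name, "cmd": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['hive']}] {f['name']}: {f['cmd']}\n    -> {', '.join(f['reasons'])}")
```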