Here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.54.47, on 25/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.5470\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://fabyoletta.spaces.live.com/PhotoUpload/VistaMsnPUpldit-it.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 7396 bytes
Confident that the problem will be solved, I thank you from the bottom of my heart for your help. Thanks again.
Dulcis in fundo, this is the ComboFix log:
ComboFix 08-11-24.03 - simo 2008-11-26 9.40.06.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1046 [GMT 1:00]
Eseguito da: c:\users\simo\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-10-26 al 2008-11-26 )))))))))))))))))))))))))))))))))))
.
2008-11-25 22:03 . 2008-11-25 22:03 <DIR> d-------- C:\VundoFix Backups
2008-11-25 18:39 . 2008-11-25 18:39 <DIR> d-------- c:\program files\CCleaner
2008-11-25 18:09 . 2008-11-25 18:09 <DIR> d-------- c:\users\simo\AppData\Roaming\Malwarebytes
2008-11-25 18:09 . 2008-11-25 18:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-25 18:09 . 2008-11-25 18:09 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-25 18:09 . 2008-11-25 18:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 18:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-25 18:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-25 16:32 . 2008-11-25 16:32 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 13:29 . 2008-11-25 13:29 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-24 13:55 . 2008-11-24 13:55 <DIR> d-------- c:\program files\Common Files\Scanner
2008-11-24 13:55 . 2008-11-24 13:57 <DIR> d-------- c:\program files\CA Yahoo! Anti-Spy
2008-11-24 13:50 . 2008-11-24 13:50 <DIR> d-------- c:\users\simo\AppData\Roaming\Yahoo!
2008-11-24 13:22 . 2008-11-25 18:03 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-11-24 13:22 . 2008-11-25 18:03 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-11-24 10:48 . 2008-11-24 10:48 <DIR> d-------- c:\program files\Yahoo!
2008-11-22 17:27 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-11-22 17:27 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\System32\wvc1dmod.dll
2008-11-22 17:27 . 2006-05-11 20:21 626,688 --a------ c:\windows\System32\vp7vfw.dll
2008-11-22 16:28 . 2006-09-29 12:24 217,127 --a------ c:\windows\System32\drv43260.dll
2008-11-22 16:28 . 2006-09-29 12:25 208,935 --a------ c:\windows\System32\drv33260.dll
2008-11-22 16:28 . 2006-09-29 12:26 176,165 --a------ c:\windows\System32\drv23260.dll
2008-11-22 16:28 . 2002-12-10 02:20 102,439 --a------ c:\windows\System32\sipr3260.dll
2008-11-22 16:28 . 2007-03-18 20:37 65,602 --a------ c:\windows\System32\cook3260.dll
2008-11-17 19:46 . 2008-11-17 20:01 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-11-17 19:46 . 2008-11-17 20:01 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-11-17 19:44 . 2008-11-25 21:47 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2008-11-17 19:44 . 2008-11-25 21:47 <DIR> d-------- c:\programdata\Kaspersky Lab
2008-11-17 19:44 . 2008-11-26 09:41 73,057,568 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-11-17 19:44 . 2008-11-25 21:45 959,132 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-11-17 18:31 . 2008-11-18 07:31 <DIR> d-------- c:\users\simo\AppData\Roaming\CheckPoint
2008-11-17 18:30 . 2008-11-18 07:32 <DIR> d-------- c:\program files\CheckPoint
2008-11-17 18:30 . 2008-11-17 18:30 144 --a------ c:\windows\System32\lkfl.dat
2008-11-17 18:30 . 2008-11-18 07:31 96 --a------ c:\windows\System32\pdfl.dat
2008-11-17 18:30 . 2008-11-17 18:30 80 --a------ c:\windows\System32\ibfl.dat
2008-11-17 01:53 . 2008-11-17 16:59 2,188 --a------ C:\rollback.ini
2008-11-16 22:14 . 2008-11-17 19:38 <DIR> d-------- c:\users\All Users\MailFrontier
2008-11-16 22:14 . 2008-11-17 19:38 <DIR> d-------- c:\programdata\MailFrontier
2008-11-14 20:09 . 2008-11-14 20:12 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-12 14:45 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 14:45 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 14:45 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 14:45 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 14:45 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 21:19 . 2008-11-17 18:02 11,129 --a------ c:\windows\System32\vsconfig.xml
2008-11-10 21:18 . 2008-11-10 21:18 <DIR> d-------- c:\users\All Users\CheckPoint
2008-11-10 21:18 . 2008-11-10 21:18 <DIR> d-------- c:\programdata\CheckPoint
2008-11-10 21:18 . 2008-03-03 15:06 279,440 --a------ c:\windows\System32\drivers\~GLH0014.TMP
2008-11-10 21:16 . 2008-11-17 19:41 <DIR> d-------- c:\windows\Internet Logs
2008-11-08 22:41 . 2008-11-08 22:41 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-08 17:13 . 2008-11-10 20:46 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d-------- c:\users\All Users\Fighters
2008-11-07 21:55 . 2008-11-07 21:55 <DIR> d-------- c:\programdata\Fighters
2008-11-07 21:55 . 2008-11-25 18:03 <DIR> d-------- c:\program files\Fighters
2008-11-07 21:33 . 2008-11-08 22:32 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-07 21:33 . 2008-11-08 22:32 <DIR> d-------- c:\programdata\Lavasoft
2008-11-07 21:33 . 2008-11-07 21:33 <DIR> d-------- c:\program files\Lavasoft
2008-10-31 09:27 . 2008-08-06 04:27 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-10-31 09:27 . 2008-08-06 04:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-10-31 09:27 . 2008-08-06 04:27 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-10-31 09:27 . 2008-08-06 04:26 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-31 09:27 . 2008-08-06 04:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-10-31 09:27 . 2008-08-06 04:26 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-31 09:27 . 2008-08-06 04:26 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-10-31 09:27 . 2008-08-06 04:26 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-30 21:01 . 2008-11-25 17:57 <DIR> d-a------ c:\users\All Users\TEMP
2008-10-30 21:01 . 2008-11-25 17:57 <DIR> d-a------ c:\programdata\TEMP
2008-10-29 18:35 . 2008-10-29 18:41 <DIR> d-------- c:\program files\InstallShield Installation Information
2008-10-29 18:34 . 2008-10-29 18:34 <DIR> d-------- c:\users\All Users\PC Drivers HeadQuarters
2008-10-29 18:34 . 2008-10-29 18:34 <DIR> d-------- c:\programdata\PC Drivers HeadQuarters
2008-10-29 18:34 . 2008-10-29 18:34 <DIR> d-------- c:\program files\PC Drivers HeadQuarters
2008-10-29 13:29 . 2008-10-31 09:20 42 --a------ c:\windows\System32\RegistryEasy.lie
2008-10-29 12:37 . 2008-11-24 11:33 <DIR> d-------- c:\program files\Registry Easy
2008-10-29 11:51 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-29 11:51 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-25 20:49 --------- d-----w c:\users\simo\AppData\Roaming\Vso
2008-11-25 19:25 --------- d-----w c:\users\simo\AppData\Roaming\uTorrent
2008-11-23 20:39 --------- d-----w c:\program files\Briscola
2008-11-22 16:27 --------- d-----w c:\program files\VSO
2008-11-17 19:02 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-17 18:44 --------- d-----w c:\program files\Kaspersky Lab
2008-11-13 19:21 --------- d-----w c:\program files\Common Files\Adobe
2008-11-13 17:42 --------- d-----w c:\programdata\Microsoft Help
2008-11-10 19:46 --------- d-----w c:\program files\Google
2008-11-06 22:33 --------- d-----w c:\users\simo\AppData\Roaming\vlc
2008-11-06 22:33 --------- d-----w c:\users\simo\AppData\Roaming\dvdcss
2008-10-29 17:39 --------- d-----w c:\users\simo\AppData\Roaming\zweitgeist
2008-10-24 16:21 --------- d-----w c:\programdata\Messenger Plus!
2008-10-19 21:10 --------- d-----w c:\program files\Microsoft Works
2008-10-19 21:09 --------- d-----w c:\program files\MSBuild
2008-10-19 21:07 --------- d-----w c:\program files\Microsoft.NET
2008-10-19 21:05 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-10-18 13:11 --------- d-----w c:\programdata\WLInstaller
2008-10-17 17:52 --------- d-----w c:\program files\Common Files\Ahead
2008-10-17 16:30 --------- d-----w c:\program files\Ahead
2008-10-17 16:23 --------- d-----w c:\program files\Unlocker
2008-10-16 01:10 --------- d-----w c:\program files\Windows Mail
2008-10-16 01:02 --------- d-----w c:\program files\MSXML 4.0
2008-10-15 17:13 --------- d-----w c:\program files\Common Files\Nero
2008-10-13 18:19 --------- d-----w c:\users\simo\AppData\Roaming\mIRC
2008-10-12 19:38 --------- d-----w c:\users\simo\AppData\Roaming\CopyToDvd
2008-10-12 18:32 --------- d-----w c:\programdata\Vso
2008-10-11 21:11 --------- d-----w c:\program files\F-Group
2008-10-11 20:36 --------- d-----w c:\program files\Adobe(0)
2008-10-11 20:34 --------- d-----w c:\program files\Common Files\Adobe(1)
2008-10-11 20:20 --------- d-----w c:\program files\Uniblue
2008-10-09 16:49 --------- d-----w c:\programdata\Office Genuine Advantage
2008-10-08 16:38 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-08 16:38 47,360 ----a-w c:\users\simo\AppData\Roaming\pcouffin.sys
2008-10-05 19:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-04 11:50 --------- d-----w c:\programdata\Symantec
2008-10-04 11:49 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-03 21:38 --------- d-----w c:\program files\uTorrent
2008-10-03 20:45 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-10-03 20:32 --------- d-----w c:\users\simo\AppData\Roaming\Convivea
2008-10-03 20:32 --------- d-----w c:\program files\Bit Che
2008-10-03 16:32 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-02 21:47 268,800 ----a-w c:\windows\System32\es.dll
2008-10-02 21:47 --------- d-----w c:\program files\Windows Live
2008-10-02 05:34 174 --sha-w c:\program files\desktop.ini
2008-10-02 04:28 --------- d-----w c:\program files\Windows Calendar
2008-10-02 04:27 --------- d-----w c:\program files\Windows Sidebar
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-10-01 23:04 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-10-01 23:04 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-10-01 23:04 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-10-01 23:04 272,896 ----a-w c:\windows\System32\polstore.dll
2008-10-01 23:02 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-10-01 23:01 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-10-01 23:01 110,080 ----a-w c:\windows\system32\drivers\mrxdav.sys
2008-10-01 22:59 41,984 ----a-w c:\windows\system32\drivers\monitor.sys
2008-10-01 22:59 1,060,920 ----a-w c:\windows\system32\drivers\ntfs.sys
2008-10-01 22:58 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-10-01 22:58 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-01 22:57 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-10-01 22:57 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-10-01 22:57 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-10-01 22:57 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-10-01 22:57 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-10-01 22:56 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-10-01 22:56 63,488 ----a-w c:\windows\system32\drivers\mpsdrv.sys
2008-10-01 22:56 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-10-01 22:56 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-10-01 22:56 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-10-01 22:56 23,040 ----a-w c:\windows\system32\drivers\tunnel.sys
2008-10-01 22:56 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-10-01 22:56 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-10-01 22:56 15,360 ----a-w c:\windows\system32\drivers\TUNMP.SYS
2008-10-01 22:55 45,112 ----a-w c:\windows\system32\drivers\pciidex.sys
2008-10-01 22:55 211,000 ----a-w c:\windows\system32\drivers\volsnap.sys
2008-10-01 22:55 21,560 ----a-w c:\windows\system32\drivers\atapi.sys
2008-10-01 22:55 17,464 ----a-w c:\windows\system32\drivers\intelide.sys
2008-10-01 22:55 154,624 ----a-w c:\windows\system32\drivers\nwifi.sys
2008-10-01 22:55 109,624 ----a-w c:\windows\system32\drivers\ataport.sys
2008-10-01 22:52 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-10-01 22:49 944,184 ----a-w c:\windows\System32\winload.exe
2008-10-01 22:48 7,168 ----a-w c:\windows\System32\f3ahvoas.dll
2008-10-01 22:48 54,784 ----a-w c:\windows\system32\drivers\i8042prt.sys
2008-10-01 22:48 35,384 ----a-w c:\windows\system32\drivers\kbdclass.sys
2008-10-01 22:48 35,328 ----a-w c:\windows\System32\dispci.dll
2008-10-01 22:48 34,360 ----a-w c:\windows\system32\drivers\mouclass.sys
2008-10-01 22:48 19,968 ----a-w c:\windows\system32\drivers\sermouse.sys
2008-10-01 22:48 12,800 ----a-w c:\windows\System32\batt.dll
2008-10-01 22:46 88,576 ----a-w c:\windows\System32\avifil32.dll
2008-10-01 22:45 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2008-10-01 22:45 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-10-01 22:45 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-10-01 22:45 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-10-01 22:45 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-10-01 22:45 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2008-10-01 22:45 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-10-01 22:45 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
.
((((((((((((((((((((((((((((( snapshot@2008-11-25_20.38.10,65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-25 16:59:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-25 20:46:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-25 16:59:41 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-25 20:46:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-25 17:02:03 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 20:48:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-11-25 20:48:47 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-11-25 17:02:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 20:48:42 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-11-25 20:48:42 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-25 17:39:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-25 20:47:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-25 17:39:56 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-25 20:47:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-25 17:39:56 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-25 20:47:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-25 17:06:50 103,924 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-25 20:52:40 103,924 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-25 17:06:50 114,828 ----a-w c:\windows\System32\perfc010.dat
+ 2008-11-25 20:52:40 114,828 ----a-w c:\windows\System32\perfc010.dat
- 2008-11-25 17:06:50 610,142 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-25 20:52:40 610,142 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-25 17:06:50 682,422 ----a-w c:\windows\System32\perfh010.dat
+ 2008-11-25 20:52:40 682,422 ----a-w c:\windows\System32\perfh010.dat
- 2008-11-25 17:02:37 9,374 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1665260387-3936479702-682897221-1000_UserData.bin
+ 2008-11-25 20:49:08 9,390 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1665260387-3936479702-682897221-1000_UserData.bin
- 2008-11-25 17:02:36 60,004 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 20:49:07 60,106 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-25 17:02:30 47,216 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-25 20:49:06 47,390 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 11:47 160496 --a------ c:\program files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-10-01 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-05 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 133912]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-13 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll,c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7CC1387D-C771-4D2E-864E-43E3F935DF7B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D83F7515-DF1F-4679-AA14-6AF0415BBBF2}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\italian\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\italian\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{E775DBA7-9804-47A6-ACCD-AD78653DAE51}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\italian\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\italian\setup.exe:Kaspersky Internet Security 2009 Setup
"{9EC11606-71E4-4BE5-9101-007047D5DACB}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{E758DD9B-914C-4995-B9FC-E62FD65F2995}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{8685AFA3-CB3C-456B-91A2-EE4A06147C7A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0A4080A4-B08D-4C58-BA2A-299C3917CFD2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{E62E33EA-140C-492F-9EF4-C97578298F8F}c:\\users\\simo\\desktop\\mirc italiano\\mirc.exe"= UDP:c:\users\simo\desktop\mirc italiano\mirc.exe:mirc.exe
"UDP Query User{279B66BA-9A2C-4866-B9B4-B6B98CEB7B67}c:\\users\\simo\\desktop\\mirc italiano\\mirc.exe"= TCP:c:\users\simo\desktop\mirc italiano\mirc.exe:mirc.exe
"TCP Query User{155A596E-1CB9-417B-8E3C-964B6753AAD0}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{8E0D8F46-60E5-4BFE-AD7B-C19756D56490}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{F4B56794-98F8-410C-9A70-554AF41D49EE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8FCAF301-6C0C-4A5F-9BBE-0D19F3156E5C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9E0365DA-A88B-42AB-A85A-42C4776E093F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{34107E4E-E7B0-4E3B-A403-67A5A5B4B751}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C74CFF97-1645-4BD4-9173-DFE8580D553A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{685DD563-456D-4269-A321-3C22B2CB7AF9}"= UDP:c:\users\simo\Desktop\keygen.exe:keygen
"{4DC0E456-5C0E-412B-9A07-FE88CD11B27B}"= TCP:c:\users\simo\Desktop\keygen.exe:keygen
"TCP Query User{C8C2967E-3BC9-443C-B3DF-F82BCF5727B8}c:\\program files\\briscola\\briscolachiamata.exe"= UDP:c:\program files\briscola\briscolachiamata.exe:Gioco della Briscola Chiamata per PC
"UDP Query User{E055C270-8D55-41BD-B2CA-19D01BC9A746}c:\\program files\\briscola\\briscolachiamata.exe"= TCP:c:\program files\briscola\briscolachiamata.exe:Gioco della Briscola Chiamata per PC
"{2E9C139D-6CA6-4DE3-ACB7-1F93DF959512}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{51E29F09-F3E9-4278-914E-9F812F6B3B38}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2007-10-16 20496]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaa021d4-909b-11dd-b1c0-00030d6a9485}]
\shell\AutoRun\command - .\run\autorun.exe
\shell\open\Command - .\run\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-29 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2008-09-23 16:30]
2008-10-01 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 09:41:17
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-11-26 9.42.00
ComboFix-quarantined-files.txt 2008-11-26 08:41:55
ComboFix2.txt 2008-11-25 19:38:32
Pre-Run: 102.687.965.184 byte disponibili
Post-Run: 102,697,123,840 byte disponibili
318 --- E O F --- 2008-11-21 12:44:02
I think I messed up the way to reply again. Oh my, how ignorant I am!!!