Pezz (Hero in the Grace of the Gods)
Registered: 22/06/07 12:15  Posts: 77
Posted: 31 Mar 2008 19:50  Subject: BIG PROBLEMS FROM AN INFECTION
Hello dear Staff, as usual I find myself here begging for your help. As the title says, I am afflicted by several problems, all due to this blasted Vista...
Let's start with the antivirus:
I installed Kaspersky, which seems to work well, but it found some infected Windows files, which I deleted, and as a consequence at startup an error window appears saying: the program has stopped working;
The bigger problem, which afflicts me continuously, is related to the dozens of spyware items that plague me. Every time I start Windows, suddenly and continuously, web pages open, in classic spyware style. Even though I keep closing them, and even though I run a scan with Ad-Aware 07 every time, the problem persists. In particular Ad-Aware finds about 14 green errors every time, but even though I delete them, the same spyware web pages keep popping up regardless.
HELP ME
please...
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 31 Mar 2008 20:39  Subject:
Let's do the generic clean-up:
Pezz (Hero in the Grace of the Gods)
Registered: 22/06/07 12:15  Posts: 77
Posted: 31 Mar 2008 21:45  Subject:
Sorry for my ignorance, but in Vista, clicking on Properties, there is no window to disable System Restore; could you tell me where I should find it? And then I wanted to ask you whether I could do the scan with Kaspersky instead of NOD...
THANKS
bdoriano (Administrator)
Registered: 02/04/07 12:05  Posts: 14391  Location: 3rd planet of the solar system...
Posted: 31 Mar 2008 22:44  Subject:
Pezz wrote:
    Sorry for my ignorance, but in Vista, clicking on Properties, there is no window to disable System Restore; could you tell me where I should find it?
Let me say first that I don't have Vista...
- Control Panel
- System
- Select System Protection in the left pane
- Untick the primary disk
- Finally accept the conditions that are proposed
Let me know if it works.
Pezz wrote:
    And then I wanted to ask you whether I could do the scan with Kaspersky instead of NOD...
No, because the virus has probably infected Kaspersky too.
Pezz (Hero in the Grace of the Gods)
Registered: 22/06/07 12:15  Posts: 77
Posted: 01 Apr 2008 01:19  Subject: RE
OK, I did everything, but let's go in order:
1 - NFix2008 link:
NFix_2008-03-31_23-28-55.log
2 - ComboFix post:
ComboFix 08-03-30.4 - User 2008-04-01 1.01.12.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1040.18.1149 [GMT 2:00]
Eseguito da: C:\Users\User\Desktop\ComboFix.exe
.
TimedOut: Windir.dat
((((((((((((((((((((((((( Files Creati Da 2008-02-28 al 2008-03-31 )))))))))))))))))))))))))))))))))))
.
Nessun nuovo file creato in questo arco di tempo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 23:01 14,585,120 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-03-31 22:50 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-03-31 22:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-31 20:32 196,256 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-03-31 17:15 --------- d-----w C:\Program Files\MSN Messenger
2008-03-31 17:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 17:08 120,344 ----a-w C:\Users\User\DAPREMOVE.EXE
2008-03-30 22:56 --------- d-----w C:\Program Files\Norton Security Scan
2008-03-28 20:24 --------- d-----w C:\ProgramData\WLInstaller
2008-03-28 19:09 --------- d-----w C:\Program Files\Windows Live
2008-03-28 00:17 --------- d-----w C:\Program Files\speed-bit
2008-03-27 23:48 --------- d---a-w C:\ProgramData\TEMP
2008-03-27 23:34 --------- d-----w C:\Program Files\AskSBar
2008-03-19 18:23 --------- d-----w C:\Program Files\Java
2008-03-17 19:06 --------- d-----w C:\Users\User\AppData\Roaming\Pioneer
2008-03-17 19:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-17 18:58 --------- d-----w C:\Program Files\Pioneer
2008-03-13 22:19 --------- d-----w C:\ProgramData\Apple Computer
2008-03-13 21:31 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-03-13 21:30 65,024 ----a-w C:\Windows\IFinst26.exe
2008-03-13 21:30 --------- d-----w C:\Program Files\XviD
2008-03-13 21:29 --------- d-----w C:\Program Files\Samsung
2008-03-13 00:52 --------- d-----w C:\Users\User\AppData\Roaming\PeerNetworking
2008-03-13 00:36 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-13 00:34 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-13 00:23 --------- d-----w C:\Program Files\Windows Mail
2008-03-13 00:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-09 19:33 --------- d-----w C:\Program Files\Yahoo!
2008-03-09 19:33 --------- d-----w C:\Program Files\CCleaner
2008-03-06 22:30 --------- d-----w C:\Users\User\AppData\Roaming\Skype
2008-03-06 15:04 --------- d-----w C:\Users\User\AppData\Roaming\skypePM
2008-03-05 18:20 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-05 18:14 --------- d-----w C:\Program Files\QuickTime
2008-03-05 18:13 --------- d-----w C:\ProgramData\Nero
2008-03-05 18:13 --------- d-----w C:\Program Files\ImTOO
2008-03-05 11:22 91,700 ----a-w C:\Windows\system32\drivers\klin.dat
2008-03-05 11:22 85,860 ----a-w C:\Windows\system32\drivers\klick.dat
2008-03-05 10:41 --------- d-----w C:\Program Files\Kaspersky Lab
2008-03-05 10:31 --------- d-----w C:\ProgramData\Symantec
2008-03-05 10:21 --------- d-----w C:\Program Files\Symantec
2008-03-02 22:57 --------- d-----w C:\Users\User\AppData\Roaming\Nokia
2008-03-02 22:46 --------- d-----w C:\Users\User\AppData\Roaming\PC Suite
2008-03-02 18:38 --------- d-----w C:\ProgramData\Installations
2008-02-27 14:19 27,240 ----a-w C:\Users\User\AppData\Roaming\nvModes.dat
2008-02-17 21:17 --------- d-----w C:\Users\User\AppData\Roaming\NeroDigital™
2008-02-17 21:08 --------- d-----w C:\ProgramData\LightScribe
2008-02-17 21:01 --------- d-----w C:\Users\User\AppData\Roaming\Nero
2008-02-17 20:57 --------- d-----w C:\Program Files\Nero
2008-02-17 20:29 --------- d-----w C:\Users\User\AppData\Roaming\Roxio
2008-02-17 20:06 --------- d-----w C:\ProgramData\Roxio
2008-02-16 21:07 --------- d-----w C:\ProgramData\CyberLink
2008-02-14 12:42 --------- d-----w C:\ProgramData\Lavasoft
2008-02-14 12:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 12:36 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-14 12:35 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-14 02:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:10 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:10 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:10 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:10 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:10 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:10 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:10 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:10 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:10 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:10 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:10 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:10 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:09 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:09 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:09 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:09 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:09 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:03 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:03 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:03 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 18:25 --------- d-----w C:\Users\User\AppData\Roaming\InstallShield
2008-02-10 18:15 --------- d-----w C:\Program Files\SP38015
2008-02-04 22:04 --------- d-----w C:\Program Files\Google
2008-01-29 12:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-28 22:23 --------- d-----w C:\Program Files\Lavasoft
2008-01-14 23:28 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-14 23:28 32 ----a-w C:\ProgramData\ezsid.dat
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-10 01:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-10 00:52 0 ----a-w C:\Users\User\AppData\Roaming\wklnhst.dat
2008-01-06 02:26 174 --sha-w C:\Program Files\desktop.ini
2008-01-06 02:13 8,192 ----a-w C:\Windows\System32\riched32.dll
2008-01-06 02:11 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-06 02:11 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-06 02:11 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-06 02:11 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-06 02:11 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-06 02:11 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-06 02:11 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-06 02:11 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-06 02:11 2,923,520 ----a-w C:\Windows\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-01_ 0.57.16.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-31 22:51:47 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-31 23:03:02 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-31 22:51:52 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-03-31 23:01:22 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-03-31 22:56:48 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-31 23:03:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-31 23:03:20 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-31 22:54:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-31 22:59:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-31 22:54:06 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-31 22:59:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-31 22:54:06 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-31 22:59:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-28 01:34 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-28 01:34 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-28 01:34 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:16 1232896]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-16 23:34 634880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 05:36 827392]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 19:50 4390912 C:\Windows\RtHDVCpl.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 16:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 18:11 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 11:54 50696]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-05-01 12:27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-01 12:27 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-01 12:27 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-30 00:02 200768]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4180361220-1552138013-881274573-1000]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8D019FEF-E570-4541-BDC6-758B21A0EC22}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{309C3D5E-73C0-461D-AC5E-BFA280CF99F3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DE9372B-D0BF-484D-90BF-05ED7F24C183}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{68055C8E-413F-4C36-83A6-EF22882D29E1}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{65A20000-E69E-43E8-98F4-2A0FF49EF10E}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{D8E88FDD-0E81-4D6A-8A9D-25F3FA8029EB}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{3AE5497A-9DAD-469A-B584-CD2C20800F81}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{001E1B0F-43E9-4DA4-AD02-65370E91857B}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A1BABACB-82F9-4F3A-8C6D-90DA1FB972A4}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{05C81580-F4AE-401E-8663-819C55F88C71}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{CA6DF1A0-9E6E-4755-9CD0-A7AE1FC53D92}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{040EF2C2-C93C-457F-BC24-C178075EA970}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{45056A9B-D1A1-4BF5-AAC6-05AB36DC4210}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{884F04AE-507C-4FA0-81FA-7141AC33E530}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{BEB79C12-0D08-459D-9237-16C0C25B7498}C:\\program files\\dap\\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus
"UDP Query User{2EAFDD3E-E533-45CE-B053-7965F4FA3F98}C:\\program files\\dap\\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus
"{7B80443B-2D73-4C43-81B5-72D311CADED1}"= UDP:C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{8FA9FB48-B643-4E7F-8947-41ACB182263A}"= TCP:C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{C3BA190C-BC8B-4D85-98AA-BB12CC1D3418}"= UDP:C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{6B42ACC3-99E5-4156-B5B9-702917683297}"= TCP:C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{6BA4C9CD-47F7-4A21-BAF8-D6DD30B82ADA}"= C:\Program Files\Windows Live\Messenger\wlcsdk.exe:Windows Live Messenger (Phone)
"{D0649323-C43F-4A98-A4A3-5CA99C25B808}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{36041FFA-D455-4FF8-A635-EB575C41722C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8C481C75-4DBF-4D53-9065-778B50CF8CA8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 20:33]
R2 ASBroker;Operatore della sessione di accesso;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R2 ASChannel;Canale di comunicazione locale;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
S3 BCM43XV;Driver della scheda di rete Broadcom Extensible 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 09:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffcf0130-a800-11dc-b69c-001b24d6a90f}]
\shell\AutoRun\command - F:\winPenPack.exe
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-30 17:50:26 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 01:03:35
Windows 6.0.6000 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-04-01 1.04.34
ComboFix-quarantined-files.txt 2008-03-31 23:04:31
ComboFix2.txt 2008-03-31 22:57:40
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
Impossibile trovare il testo del messaggio per il numero di messaggio 0x2379 nel file di messaggio per Application.
.
2008-03-27 17:50:16 --- E O F ---
3 - HijackThis post:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.10.13, on 01/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\User\Documents\Cartelle e sottocartelle varie\Programmi vari\Antivirus\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inter.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://thepezz.spaces.live.com/PhotoUpload/VistaMsnPUpldit-it.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--
End of file - 10029 bytes
-------------------------------------------------------------------------------------
That done, I wanted to tell you that I think I did everything as instructed; it took quite a while!!
I remind you that I have Vista; during the ComboFix scan a few error lines appeared of the type "missing text, I don't remember about what", but I think it all went well anyway;
I also wanted to ask you whether and when I can re-enable System Restore.
THANKS for your attention......
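As an added example (not part of the thread, and not a tool either poster used), here is a small Python triage script run over a few lines constructed in the shape of the HijackThis log and the ComboFix registry dump posted above. It parses the O2/O3/R3 (BHO, toolbar, search hook) and O4 (Run) lines, flags registrations that point at a missing file ("(no file)", leftover entries) and registrations whose path matches a hypothetical watch list (here only the AskSBar directory that appears in the log), and lists the Security Center values in the REGEDIT4 dump that suppress monitoring or notifications. The sample lines and the watch list are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log above (subset, paths
# as in the log). This is example input, not the full posted log.
SAMPLE_HJT = r"""O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# Constructed sample in the shape of the ComboFix "Punti Reg Caricati" dump.
SAMPLE_REG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-30 00:02 200768]
"""

# Hypothetical watch list (assumption for this example): lowercase path
# substrings the triage treats as unwanted. Only the Ask toolbar directory
# seen in the posted log is listed.
WATCHLIST = ("asksbar",)


@dataclass
class Entry:
    section: str  # HijackThis line type: O2, O3, O4 or R3
    name: str     # display name of the BHO / toolbar / Run value
    path: str     # file path or command line the entry references
    raw: str      # original log line


@dataclass
class Finding:
    kind: str     # "orphan" (file missing) or "watchlist" (path matched)
    name: str
    raw: str


# "O2 - BHO: <name> - {CLSID} - <path>" and the same shape for O3 / R3
_COM_LINE = re.compile(r"^(O2|O3|R3) - (\w+): (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
# "O4 - HKLM\..\Run: [<value name>] <command line>"
_RUN_LINE = re.compile(r"^(O4) - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.*)$")


def parse_hjt(text):
    """Return Entry objects for the O2/O3/R3 and O4 lines in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = _COM_LINE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(3), m.group(5), line))
            continue
        m = _RUN_LINE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(4), m.group(5), line))
    return entries


def triage_hjt(text, watchlist=WATCHLIST):
    """Flag orphaned registrations and entries whose path matches the watch list."""
    findings = []
    for e in parse_hjt(text):
        if "(no file)" in e.path:
            findings.append(Finding("orphan", e.name, e.raw))
        elif any(w in e.path.lower() for w in watchlist):
            findings.append(Finding("watchlist", e.name, e.raw))
    return findings


_REG_KEY = re.compile(r"^\[(.+)\]$")
_REG_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def security_center_overrides(text):
    """List (key, value name) pairs under 'security center' that disable
    monitoring or notifications (non-zero *DisableNotify / DisableMonitoring)."""
    overrides = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = _REG_KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = _REG_DWORD.match(line)
        if m and key and "security center" in key.lower():
            name, value = m.group(1), int(m.group(2), 16)
            if value != 0 and (name.endswith("DisableNotify") or name == "DisableMonitoring"):
                overrides.append((key, name))
    return overrides


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.kind:9} {f.name}: {f.raw}")
    for key, name in security_center_overrides(SAMPLE_REG):
        print(f"override  {name} under {key}")
```

The output is a review list, not a verdict: a `DisableMonitoring` value under `Monitoring\<product>` is routinely written by third-party antivirus products when they register with Security Center, while the `*DisableNotify` values mean Security Center will stay silent about UAC, Internet settings and automatic updates, which is worth checking on a machine that is also opening unexpected browser windows.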