
Thread: virus WIN32.BHO.df

  1. #1
    HTML.it user
    Joined
    Nov 2007
    Posts
    4

    virus WIN32.BHO.df

    I caught this virus: WIN32.BHO.df. Can someone help me remove it?
    I was advised to scan the computer and post the results.
    This is the result of the scan with the first program, HijackThis; in the next post I'll also send the results the second program, ComboFix, gave me.
    Logfile of HijackThis v1.99.1
    Scan saved at 22.10.46, on 04/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer Arcade\PCMService.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
    C:\Programmi\RF Wireless Mouse\cm20.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\Windows Live\Family Safety\fssui.exe
    C:\WINDOWS\system32\winxtv\videochat03.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
    C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\Acer\Empowering Technology\eLock\LockServ.exe
    C:\Programmi\CASIO\Photo Loader\Plauto.exe
    C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\Umberto\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199.zip\HijackThis.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Programmi\internet explorer\iexplore.exe
    C:\WINDOWS\system32\igfxsrvc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.extraricerca.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O1 - Hosts: 75.126.217.188 AUTO.SEARCH.MSN.COM
    O1 - Hosts: 75.126.217.188 SEARCH.MSN.COM
    O1 - Hosts: 75.126.217.188 SEARCH.MICROSOFT.COM
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
    O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Programmi\RF Wireless Mouse\cm20.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Wintext] C:\WINDOWS\system32\winxtv\videochat03.EXE -n
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - Startup: wkcalrem.LNK = C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Photo Loader residente.lnk = C:\Programmi\CASIO\Photo Loader\Plauto.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Wintext - {45525B3D-F0A7-4050-A067-3D0AFF22C45D} - C:\WINDOWS\system32\winxtv\VIDEOC~1.EXE
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.698698698.info
    O15 - Trusted Zone: http://www.happyfile.net
    O15 - Trusted Zone: http://www.otherchance.com
    O15 - Trusted Zone: www.sgnappo.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6A7F56F1-3022-4EE7-AFF4-2A9DC566306E}: NameServer = 213.230.130.222 213.230.155.94
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O21 - SSODL: E404Helper - {9b78985a-f68a-457b-84d2-7c08bdb7d8dd} - e404d.dll (file missing)
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

  2. #2
    HTML.it user
    Joined
    Nov 2007
    Posts
    4

    virus WIN32.BHO.df part 2

    Here is the second part, the results from the ComboFix program.
    IT DOESN'T FIT IN THE MESSAGE, I'LL TRY TO ADD IT AS AN ATTACHMENT

  3. #3
    HTML.it user
    Joined
    Nov 2007
    Posts
    4

    VIRUS WIN32.BHO.DF PART 3

    IN THE PREVIOUS MESSAGE I COULDN'T FIT ANYTHING IN, NOT EVEN THE ATTACHMENT.
    I'LL TRY AGAIN, SPLITTING THE COMBOFIX RESULTS INTO TWO PARTS
    PART 1:
    ComboFix 07-11-29.3 - Umberto 2007-12-04 21.51.40.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.552 [GMT 1:00]
    Eseguito da: C:\Documents and Settings\Umberto\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Creati Da 2007-11-04 al 2007-12-04 )))))))))))))))))))))))))))))))))))
    .

    2007-11-30 12:48 . 2007-11-30 12:48 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
    2007-11-30 12:29 . 2007-10-17 13:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
    2007-11-30 08:48 . 2007-11-30 08:48 268 --ah----- C:\sqmdata07.sqm
    2007-11-30 08:48 . 2007-11-30 08:48 244 --ah----- C:\sqmnoopt07.sqm
    2007-11-30 08:46 . 2007-11-30 08:46 268 --ah----- C:\sqmdata06.sqm
    2007-11-30 08:46 . 2007-11-30 08:46 244 --ah----- C:\sqmnoopt06.sqm
    2007-11-29 13:01 . 2007-11-29 13:01 268 --ah----- C:\sqmdata05.sqm
    2007-11-29 13:01 . 2007-11-29 13:01 244 --ah----- C:\sqmnoopt05.sqm
    2007-11-29 12:47 . 2007-11-29 12:47 268 --ah----- C:\sqmdata04.sqm
    2007-11-29 12:47 . 2007-11-29 12:47 244 --ah----- C:\sqmnoopt04.sqm
    2007-11-29 12:19 . 2007-11-29 12:46 491,520 --a------ C:\WINDOWS\system32\ddeeg.tmp
    2007-11-29 09:19 . 2007-11-29 09:19 268 --ah----- C:\sqmdata03.sqm
    2007-11-29 09:19 . 2007-11-29 09:19 244 --ah----- C:\sqmnoopt03.sqm
    2007-11-28 13:52 . 2007-11-28 13:52 268 --ah----- C:\sqmdata02.sqm
    2007-11-28 13:52 . 2007-11-28 13:52 244 --ah----- C:\sqmnoopt02.sqm
    2007-11-28 12:39 . 2007-11-28 12:39 268 --ah----- C:\sqmdata01.sqm
    2007-11-28 12:39 . 2007-11-28 12:39 244 --ah----- C:\sqmnoopt01.sqm
    2007-11-28 08:36 . 2007-11-28 08:36 268 --ah----- C:\sqmdata00.sqm
    2007-11-28 08:36 . 2007-11-28 08:36 244 --ah----- C:\sqmnoopt00.sqm
    2007-11-27 11:09 . 2007-11-27 11:09 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2007-11-27 10:45 . 2007-11-27 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Lavasoft
    2007-11-27 09:52 . 2006-04-19 22:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
    2007-11-27 09:52 . 2006-04-19 22:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
    2007-11-27 09:52 . 2006-04-19 22:16 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
    2007-11-27 09:52 . 2006-04-19 22:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
    2007-11-27 09:52 . 2006-04-19 22:03 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
    2007-11-27 09:52 . 2006-04-19 22:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
    2007-11-27 09:52 . 2006-04-19 22:16 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
    2007-11-27 09:52 . 2006-04-19 22:03 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
    2007-11-26 12:59 . 2007-11-26 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
    2007-11-26 09:48 . 2007-11-26 09:48 <DIR> d-------- C:\Programmi\Lavasoft
    2007-11-26 09:48 . 2007-11-26 09:48 <DIR> d-------- C:\Documents and Settings\Umberto\Dati applicazioni\Lavasoft
    2007-11-26 09:10 . 2007-11-26 09:10 <DIR> d-------- C:\Programmi\Alwil Software
    2007-11-26 09:10 . 2007-10-25 17:24 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-26 09:10 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2007-11-26 09:10 . 2007-10-25 17:14 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2007-11-26 09:10 . 2007-10-25 18:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-26 09:10 . 2007-10-25 18:05 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-26 09:10 . 2007-10-25 18:01 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-26 09:10 . 2007-10-25 17:58 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-26 09:10 . 2007-10-25 18:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-25 23:41 . 2007-11-25 23:44 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-24 18:28 . 2007-11-24 18:28 39,424 --a------ C:\WINDOWS\system32\e404d.dll
    2007-11-24 16:11 . 2007-11-24 16:11 <DIR> d-------- C:\Programmi\File comuni\ODBC
    2007-11-16 02:59 . 2007-11-16 02:59 0 --a------ C:\WINDOWS\system32\jrspnnqat.pbk
    2007-11-16 02:59 . 2007-11-16 02:59 0 --a------ C:\WINDOWS\system32\gfbrlqaok.pbk
    2007-11-16 02:58 . 2007-11-16 02:58 0 --a------ C:\WINDOWS\system32\nbrjebglh.pbk
    2007-11-16 02:55 . 2007-11-16 02:55 0 --a------ C:\WINDOWS\system32\qse.pbk
    2007-11-16 02:55 . 2007-11-16 02:55 0 --a------ C:\WINDOWS\system32\nsafcae.pbk
    2007-11-16 02:55 . 2007-11-16 02:55 0 --a------ C:\WINDOWS\system32\hcht.pbk
    2007-11-16 02:55 . 2007-11-16 02:55 0 --a------ C:\WINDOWS\system32\glfsr.pbk
    2007-11-16 02:55 . 2007-11-16 02:55 0 --a------ C:\WINDOWS\system32\fcs.pbk
    2007-11-16 02:54 . 2007-11-16 02:54 0 --a------ C:\WINDOWS\system32\pbp.pbk
    2007-11-16 02:54 . 2007-11-16 02:54 0 --a------ C:\WINDOWS\system32\p.pbk
    2007-11-16 02:54 . 2007-11-16 02:54 0 --a------ C:\WINDOWS\system32\jchijskike.pbk
    2007-11-16 02:54 . 2007-11-16 02:54 0 --a------ C:\WINDOWS\system32\h.pbk
    2007-11-14 05:46 . 2007-11-14 05:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-11-14 05:46 . 2007-11-14 05:46 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-11-14 04:30 . 2007-11-14 04:30 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
    2007-11-12 03:39 . 2007-11-12 03:39 <DIR> d-------- C:\Documents and Settings\Umberto\Dati applicazioni\WinAnonymous
    2007-11-12 03:34 . 2007-11-12 03:34 <DIR> d-------- C:\Programmi\File comuni\WinAnonymous
    2007-11-12 03:33 . 2007-11-12 03:33 <DIR> d-------- C:\Programmi\Windows Live Toolbar
    2007-11-12 03:33 . 2007-11-12 03:33 <DIR> d-------- C:\Programmi\Windows Live Favorites
    2007-11-12 03:31 . 2007-11-12 03:31 <DIR> d-------- C:\Documents and Settings\Umberto\Contacts
    2007-11-12 02:50 . 2007-11-12 02:50 <DIR> d-------- C:\Documents and Settings\Umberto\Dati applicazioni\winpcdoctor
    2007-11-12 02:44 . 2007-11-12 02:44 <DIR> d-------- C:\Programmi\File comuni\WinPCDoctor
    2007-11-12 02:28 . 2007-11-12 02:28 <DIR> d-------- C:\Programmi\WinSecureAv
    2007-11-12 02:28 . 2007-11-12 02:28 <DIR> d-------- C:\Documents and Settings\Umberto\Dati applicazioni\WinSecureAv
    2007-11-12 02:28 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-12 02:04 . 2007-11-12 02:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    2007-11-11 22:22 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-11-11 22:22 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-11-11 22:22 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-11-11 13:04 . 2007-11-11 13:04 <DIR> d-------- C:\Programmi\Windows Live
    2007-11-11 13:04 . 2007-11-11 13:04 <DIR> d--hs---- C:\Programmi\File comuni\WindowsLiveInstaller
    2007-11-11 13:03 . 2007-11-11 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
    2007-11-11 12:39 . 2007-11-11 12:39 188 --a------ C:\WINDOWS\system32\eDataSecurity.dat
    2007-11-11 11:55 . 2007-11-11 11:55 <DIR> d---s---- C:\Documents and Settings\Umberto\UserData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-28 08:29 454 ----a-w C:\Documents and Settings\Umberto\Dati applicazioni\wklnhst.dat
    2007-10-25 16:54 8,483,840 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-29_12.50.27.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-30 11:26:58 86,746 ----a-r C:\WINDOWS\Installer\{7FDEE06E-736C-4515-9476-EF4CB0186E6D}\wlmail.exe
    + 2007-11-30 11:49:18 125,472 ----a-r C:\WINDOWS\Installer\{ED3A387C-4C22-488A-B39D-EEC7A0198C43}\WLXPhotoGalleryIcon.exe
    + 2007-10-17 12:53:16 43,816 ----a-w C:\WINDOWS\system32\DRVSTORE\fssfltr_FB301EB9307D2FAB641A9804E59C568C22487732\fssfltr.sys
    - 2007-11-24 15:13:18 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2007-12-04 20:31:28 54,874 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-11-24 15:13:18 65,292 ----a-w C:\WINDOWS\system32\perfc010.dat
    + 2007-12-04 20:31:28 65,602 ----a-w C:\WINDOWS\system32\perfc010.dat
    - 2007-11-24 15:13:18 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2007-12-04 20:31:28 385,190 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-11-24 15:13:18 430,148 ----a-w C:\WINDOWS\system32\perfh010.dat
    + 2007-12-04 20:31:28 430,442 ----a-w C:\WINDOWS\system32\perfh010.dat
    + 2006-10-24 11:30:20 412,160 ------w C:\WINDOWS\system32\photometadatahandler.dll
    - 2007-03-06 01:48:10 15,584 ------w C:\WINDOWS\system32\spmsg.dll
    + 2006-10-16 15:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
    - 2005-06-28 09:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    + 2006-10-16 15:10:58 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
    + 2006-10-24 11:30:06 716,288 ------w C:\WINDOWS\system32\WindowsCodecs.dll
    + 2006-10-24 11:29:50 352,256 ------w C:\WINDOWS\system32\WindowsCodecsExt.dll
    + 2007-12-02 13:20:16 56,696 ----a-w C:\WINDOWS\system32\winxtv\videochat03.EXE
    + 2006-10-24 11:30:00 276,992 ------w C:\WINDOWS\system32\WMPhoto.dll
    + 2007-12-04 20:33:36 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
    + 2007-12-04 20:33:32 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_67c.dat
    + 2005-09-22 22:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    + 2005-09-22 22:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2005-09-22 22:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    THANKS, NOW I'LL SEND THE SECOND PART

  4. #4
    HTML.it user
    Joined
    Nov 2007
    Posts
    4

    VIRUS WIN32.BHO.DF LAST PART

    HERE IS THE SECOND HALF OF THE RESULTS COMBOFIX GAVE ME
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
    2007-10-17 13:53 57384 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00]
    "Polar Sync"="" []
    "MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 17:24 C:\WINDOWS\AGRSMMSG.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 17:28 C:\WINDOWS\RTHDCPL.exe]
    "AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 14:21]
    "SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 07:17]
    "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 07:16]
    "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 00:12]
    "ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-19 05:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 05:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-19 05:00]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39]
    "eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 10:14]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 13:55]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 13:52]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 13:55]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-03-30 18:47]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
    "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 06:00]
    "Start RF Wireless Mouse"="C:\Programmi\RF Wireless Mouse\cm20.exe" [2004-03-06 10:10]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-10-17 13:53]
    "Wintext"="C:\WINDOWS\system32\winxtv\videochat03.exe" [2007-12-02 14:20]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 05:00]

    C:\Documents and Settings\Umberto\Menu Avvio\Programmi\Esecuzione automatica\
    wkcalrem.LNK - C:\Programmi\File comuni\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 03:54:24]

    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58]
    Photo Loader residente.lnk - C:\Programmi\CASIO\Photo Loader\Plauto.exe [2006-09-29 14:05:11]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "E404Helper"= {9b78985a-f68a-457b-84d2-7c08bdb7d8dd} - e404d.dll [ ]

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R2 DbgMsg;Debug Message;\??\C:\WINDOWS\System32\Drivers\DbgMsg.sys
    R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
    R2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys
    R2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe"
    R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys
    R2 LockServ;LockServ;C:\Acer\Empowering Technology\eLock\LockServ.exe -p
    R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
    R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys
    R3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
    R3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
    R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    R3 wma9bus;9507 Mobile Phone driver (WDM);C:\WINDOWS\system32\DRIVERS\wma9bus.sys
    R3 wma9mdfl;9507 Mobile Phone USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\wma9mdfl.sys
    R3 wma9mdm;9507 Mobile Phone USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\wma9mdm.sys
    R3 wma9mgmt;9507 Mobile Phone USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\wma9mgmt.sys
    R3 wma9obex;9507 Mobile Phone USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\wma9obex.sys
    S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys
    S3 PolarUSB;Polar USB Interface;C:\WINDOWS\system32\DRIVERS\PolarUSB.sys
    S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 21:53:04
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Polar Sync = ?:\program files\polar\polar sync\????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    Ora fine scansione: 2007-12-04 21.53.38
    C:\ComboFix2.txt ... 2007-11-29 12:50
    .
    --- E O F ---
    THANKS TO ANYONE WHO CAN HELP ME
