Olimpo Informatico

[fulmine]

questi sono i miei log :

Logfile of HijackThis v1.99.1
Scan saved at 20.10.32, on 17/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\vVX3000.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AliceTiAiuta\McciTrayApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lphant\eLePhantClient.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\samu\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ataDaemon] C:\Program Files\AliceTiAiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS6\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS8\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS12\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Accesso secondario (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)


ComboFix 08-04-16.5 - samu 2008-04-17 20.17.32.3 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1040.18.1167 [GMT 2:00]
Eseguito da: C:\Users\samu\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-03-17 al 2008-04-17 )))))))))))))))))))))))))))))))))))
.

2008-04-06 21:45 . 2000-05-16 10:40 83,968 --a------ C:\Windows\UnGins.exe
2008-03-26 16:49 . 2008-03-26 16:49 <DIR> d-------- C:\Users\samu\AppData\Roaming\PC Tools
2008-03-26 16:49 . 2008-04-17 15:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-26 16:49 . 2007-12-10 15:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-03-26 16:49 . 2007-12-10 15:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-03-26 16:49 . 2008-02-01 13:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-03-26 16:49 . 2007-12-10 15:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-03-26 16:47 . 2008-04-17 14:44 <DIR> d-------- C:\Users\All Users\Google Updater
2008-03-26 16:47 . 2008-04-17 14:44 <DIR> d-------- C:\ProgramData\Google Updater
2008-03-26 15:35 . 2008-03-26 15:35 2,311 --a------ C:\Windows\wininit.ini
2008-03-26 15:02 . 2008-03-26 15:36 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-26 15:02 . 2008-03-26 15:36 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-26 15:02 . 2008-03-26 15:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 14:49 . 2008-04-17 20:13 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-26 14:49 . 2008-04-17 20:13 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-25 23:10 . 2008-03-25 23:10 244 --ah----- C:\sqmnoopt00.sqm
2008-03-25 23:10 . 2008-03-25 23:10 232 --ah----- C:\sqmdata00.sqm
2008-03-25 12:45 . 2008-03-25 12:45 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-22 16:39 . 2008-03-22 16:52 <DIR> d-------- C:\Users\samu\AppData\Roaming\MiniDm
2008-03-22 13:38 . 2005-09-17 12:24 <DIR> d-------- C:\nero7
2008-03-21 21:47 . 2008-03-21 21:47 <DIR> d-------- C:\Program Files\AskTBar
2008-03-21 21:21 . 2008-03-21 21:21 <DIR> d-------- C:\Program Files\IEPro
2008-03-21 21:19 . 2008-03-21 21:21 <DIR> d-------- C:\Program Files\IE7Pro
2008-03-21 21:03 . 2007-11-07 10:41 82,945 --a------ C:\Users\samu\encopy4.exe
2008-03-21 21:00 . 2008-03-21 21:00 <DIR> d-------- C:\Program Files\Encopy4
2008-03-21 20:52 . 2008-04-05 19:35 <DIR> d-------- C:\Windows\Downloaded Installations
2008-03-21 20:39 . 2008-03-26 16:54 <DIR> d-------- C:\Users\All Users\Adobe
2008-03-21 20:39 . 2008-03-26 16:54 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 18:17 47,385,888 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-17 18:13 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-17 12:56 636,596 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-17 12:53 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 12:53 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-17 09:56 --------- d-----w C:\Users\samu\AppData\Roaming\Skype
2008-04-17 09:04 --------- d-----w C:\Users\samu\AppData\Roaming\skypePM
2008-04-12 15:35 --------- d-----w C:\Users\samu\AppData\Roaming\Canon
2008-04-09 14:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 20:14 440 ----a-w C:\Users\samu\AppData\Roaming\wklnhst.dat
2008-03-26 15:43 --------- d-----w C:\Program Files\Google
2008-03-25 14:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-25 14:54 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 11:28 --------- d-----w C:\Users\samu\AppData\Roaming\BitTorrent
2008-03-25 11:27 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-03-25 11:05 --------- d-----w C:\ProgramData\Nero
2008-03-25 11:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 16:13 --------- d-----w C:\Program Files\Windows Live
2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 11:41 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 15:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 15:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 15:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 15:51 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 15:51 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 15:51 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 15:50 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 15:50 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 15:50 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 15:50 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 15:50 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 15:50 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 15:50 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-01 10:17 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-31 14:40 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2007-12-18 11:25 1,505,581 ----a-w C:\Users\samu\Lphant-v2.01-Installer.exe
2007-12-18 11:24 1,382,178 ----a-w C:\Users\samu\Lphant-v3.50-Installer.exe
2007-12-10 09:24 113 ----a-w C:\Users\samu\BackupResult.DAT
2007-11-28 10:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-28 10:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-27 00:41 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 21:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-29 21:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-29 21:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_14.43.06,99 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 12:29:23 67,584 ----a-w C:\Windows\bootstat.dat
+ 2008-04-17 12:56:53 67,584 ----a-w C:\Windows\bootstat.dat
- 2008-04-17 12:29:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-17 12:56:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-17 12:29:24 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-17 12:56:55 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-17 12:32:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-17 13:00:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-17 13:00:24 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-17 12:32:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-17 13:00:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-17 13:00:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-16 14:34:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-17 12:57:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-16 14:34:23 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-17 12:57:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-16 14:34:23 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-17 12:57:18 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-17 12:34:55 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-17 13:03:32 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-17 12:34:55 114,622 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-04-17 13:03:32 114,622 ----a-w C:\Windows\System32\perfc010.dat
- 2008-04-17 12:34:55 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-17 13:03:32 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-17 12:34:55 682,184 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-04-17 13:03:32 682,184 ----a-w C:\Windows\System32\perfh010.dat
- 2008-04-17 12:33:24 10,228 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854369108-3402513607-758492476-1000_UserData.bin
+ 2008-04-17 13:00:53 10,228 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854369108-3402513607-758492476-1000_UserData.bin
- 2008-04-17 12:33:23 83,556 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-17 13:00:51 83,708 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-17 12:33:18 68,828 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-17 13:00:44 68,844 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 02:15 68856]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-19 14:49 214456]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" []
"Acer Tour"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 13:51 218376]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 23:46 709992]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 19:09 103712]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 10:56 4493312 C:\Windows\RtHDVCpl.exe]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 18:33 204908]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"DT LGE"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 17:17 81920]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"ataDaemon"="C:\Program Files\AliceTiAiuta\McciTrayApp.exe" [2007-10-17 11:56 1007504]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-05-31 16:35 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 16:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-24 00:30 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 13:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-11 10:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{374A709D-89CD-442B-8327-722C8EF98D34}C:\\program files\\lphant\\elephantclient.exe"= UDP:C:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{257142A9-E46B-4A77-AEF6-97AB65EB64D7}C:\\program files\\lphant\\elephantclient.exe"= TCP:C:\program files\lphant\elephantclient.exe:lphant Client
"TCP Query User{3161CA07-A8AD-4FF8-9941-B80CCB26927C}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{3BA5FE19-3B40-4C4E-84F9-F4BBAC60DE23}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"4c54a7a0-1e55-4d1f-b42c-c82b568646aa"= UDP:5665:porta tpc
"05550553-bf3a-41ce-8498-42eb2b42c044"= TCP:5666:porta udp
"TCP Query User{368DB67B-EA78-4B19-B26B-44C5BE09D943}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3ADAA755-AAB5-4E65-B101-787A11B7BDC8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-06-21 18:33]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-07 15:07]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-17 16:01]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 10:09]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-24 00:30]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-12 16:30]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-12 16:30]
S3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 13:08]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf2bf75-b9df-11dc-ae0a-001c252909a0}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-17 11:27:19 C:\Windows\Tasks\User_Feed_Synchronization-{7B4B2A60-3646-4CAE-B1C7-DBF8DA168A00}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 20:21:21
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 62

**************************************************************************
.
Ora fine scansione: 2008-04-17 20.23.04
ComboFix-quarantined-files.txt 2008-04-17 18:22:54
ComboFix2.txt 2008-04-17 12:43:59
ComboFix3.txt 2008-04-16 14:11:17

14 Directory 170,824,638,464 byte disponibili
21 Directory 170,786,488,320 byte disponibili
.
2008-04-11 10:38:09 --- E O F ---

[bdoriano]

Ciao fulmine,

l'unica voce fuori posto è la seguente:

[fulmine]

può essere il mio hard-disk esterno, unità j.

[fulmine]

ok, grazie Bdoriano, speravo in un tuo appoggio

[bdoriano]

Hai fatto questi passaggi?

[fulmine]

il log hijackthis è questo:
Logfile of HijackThis v1.99.1
Scan saved at 21.27.02, on 19/04/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\vVX3000.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AliceTiAiuta\McciTrayApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\samu\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ataDaemon] C:\Program Files\AliceTiAiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS6\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS8\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Accesso secondario (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

[fulmine]

il log di combofix l'ho postato, dimmi tu ora

[fulmine]

Pardon il log n-fix l'ho postato come hai detto

[fulmine]

Questo è il mio log nfix_2008
Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/04/14 19:07:00

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/04/14 19:07:00, Variants: 1516167

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6000
Logged on user: PC-samu\samu

edit by bdoriano: log eliminato perché incompleto. I logs vanno caricati su FreeFileHosting come indicato qui.

[bdoriano]

Mancano 2 cose:

[fulmine]

NFix_2008-04-19_14-48-122.log

[fulmine]

scusa la confusione, questo è il log hijackthis e combofix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.36.27, on 20/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\vVX3000.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AliceTiAiuta\McciTrayApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Hijackthis\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ataDaemon] C:\Program Files\AliceTiAiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS6\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS8\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9673 bytes
ComboFix 08-04-18.3 - samu 2008-04-20 10.44.35.5 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1040.18.1455 [GMT 2:00]
Eseguito da: C:\Users\samu\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-03-20 al 2008-04-20 )))))))))))))))))))))))))))))))))))
.

2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-04-17 22:27 . 2008-04-17 22:27 <DIR> d-------- C:\Users\samu\AppData\Roaming\Leadertech
2008-04-08 12:16 . 2008-04-08 12:16 693,792 --a------ C:\Windows\System32\OGACheckControl.dll
2008-04-08 12:16 . 2008-04-08 12:16 560,672 --a------ C:\Windows\System32\OGAAddin.dll
2008-04-08 12:16 . 2008-04-08 12:16 504,864 --a------ C:\Windows\System32\OGAVerify.exe
2008-04-06 21:45 . 2000-05-16 10:40 83,968 --a------ C:\Windows\UnGins.exe
2008-03-26 16:49 . 2008-03-26 16:49 <DIR> d-------- C:\Users\samu\AppData\Roaming\PC Tools
2008-03-26 16:49 . 2008-04-17 15:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-26 16:49 . 2007-12-10 15:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-03-26 16:49 . 2007-12-10 15:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-03-26 16:49 . 2008-02-01 13:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-03-26 16:49 . 2007-12-10 15:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-03-26 16:47 . 2008-04-19 20:31 <DIR> d-------- C:\Users\All Users\Google Updater
2008-03-26 16:47 . 2008-04-19 20:31 <DIR> d-------- C:\ProgramData\Google Updater
2008-03-26 15:35 . 2008-03-26 15:35 2,311 --a------ C:\Windows\wininit.ini
2008-03-26 15:02 . 2008-03-26 15:36 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-26 15:02 . 2008-03-26 15:36 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-26 15:02 . 2008-03-26 15:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 14:49 . 2008-04-20 07:47 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-26 14:49 . 2008-04-20 07:47 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-25 23:10 . 2008-03-25 23:10 244 --ah----- C:\sqmnoopt00.sqm
2008-03-25 23:10 . 2008-03-25 23:10 232 --ah----- C:\sqmdata00.sqm
2008-03-25 12:45 . 2008-03-25 12:45 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-22 16:39 . 2008-03-22 16:52 <DIR> d-------- C:\Users\samu\AppData\Roaming\MiniDm
2008-03-22 13:38 . 2005-09-17 12:24 <DIR> d-------- C:\nero7
2008-03-21 21:47 . 2008-03-21 21:47 <DIR> d-------- C:\Program Files\AskTBar
2008-03-21 21:21 . 2008-03-21 21:21 <DIR> d-------- C:\Program Files\IEPro
2008-03-21 21:19 . 2008-03-21 21:21 <DIR> d-------- C:\Program Files\IE7Pro
2008-03-21 21:03 . 2007-11-07 10:41 82,945 --a------ C:\Users\samu\encopy4.exe
2008-03-21 21:00 . 2008-03-21 21:00 <DIR> d-------- C:\Program Files\Encopy4
2008-03-21 20:52 . 2008-04-05 19:35 <DIR> d-------- C:\Windows\Downloaded Installations
2008-03-21 20:39 . 2008-03-26 16:54 <DIR> d-------- C:\Users\All Users\Adobe
2008-03-21 20:39 . 2008-03-26 16:54 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 08:43 48,014,880 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-20 05:22 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-19 19:44 647,636 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-19 19:27 --------- d-----w C:\Users\samu\AppData\Roaming\Skype
2008-04-19 19:05 --------- d-----w C:\Users\samu\AppData\Roaming\skypePM
2008-04-17 12:53 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 12:53 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-12 15:35 --------- d-----w C:\Users\samu\AppData\Roaming\Canon
2008-04-09 14:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 20:14 440 ----a-w C:\Users\samu\AppData\Roaming\wklnhst.dat
2008-03-26 15:43 --------- d-----w C:\Program Files\Google
2008-03-25 14:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-25 14:54 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 11:28 --------- d-----w C:\Users\samu\AppData\Roaming\BitTorrent
2008-03-25 11:27 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-03-25 11:05 --------- d-----w C:\ProgramData\Nero
2008-03-25 11:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 16:13 --------- d-----w C:\Program Files\Windows Live
2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 11:41 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 15:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 15:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 15:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 15:51 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 15:51 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 15:51 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 15:50 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 15:50 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 15:50 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 15:50 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 15:50 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 15:50 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 15:50 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-01 10:17 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-31 14:40 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2007-12-18 11:25 1,505,581 ----a-w C:\Users\samu\Lphant-v2.01-Installer.exe
2007-12-18 11:24 1,382,178 ----a-w C:\Users\samu\Lphant-v3.50-Installer.exe
2007-12-10 09:24 113 ----a-w C:\Users\samu\BackupResult.DAT
2007-11-28 10:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-28 10:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-27 00:41 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 21:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-29 21:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-29 21:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-19_21.22.07,01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-19 18:25:44 67,584 ----a-w C:\Windows\bootstat.dat
+ 2008-04-20 08:26:08 67,584 ----a-w C:\Windows\bootstat.dat
- 2008-04-19 18:25:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-20 05:20:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-19 18:25:45 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-20 05:20:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-19 18:29:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-20 05:23:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-20 05:23:59 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-19 18:29:21 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-20 05:23:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-20 05:23:54 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-19 18:31:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-20 05:20:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-19 18:31:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-20 05:20:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-19 18:31:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-20 05:20:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-19 18:33:09 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-20 05:27:26 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-19 18:33:09 114,622 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-04-20 05:27:27 114,622 ----a-w C:\Windows\System32\perfc010.dat
- 2008-04-19 18:33:09 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-20 05:27:26 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-19 18:33:09 682,184 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-04-20 05:27:27 682,184 ----a-w C:\Windows\System32\perfh010.dat
- 2008-04-19 18:30:01 10,260 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854369108-3402513607-758492476-1000_UserData.bin
+ 2008-04-20 05:24:31 10,268 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854369108-3402513607-758492476-1000_UserData.bin
- 2008-04-19 18:30:00 84,100 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-20 05:24:29 84,228 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-19 18:29:47 69,050 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-20 05:24:17 69,050 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-19 18:22:42 397,740 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-04-20 08:26:10 398,804 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 02:15 68856]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-19 14:49 214456]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" []
"Acer Tour"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 13:51 218376]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 23:46 709992]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 19:09 103712]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 10:56 4493312 C:\Windows\RtHDVCpl.exe]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 18:33 204908]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"DT LGE"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 17:17 81920]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"ataDaemon"="C:\Program Files\AliceTiAiuta\McciTrayApp.exe" [2007-10-17 11:56 1007504]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-05-31 16:35 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 16:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-24 00:30 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 13:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-11 10:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{374A709D-89CD-442B-8327-722C8EF98D34}C:\\program files\\lphant\\elephantclient.exe"= UDP:C:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{257142A9-E46B-4A77-AEF6-97AB65EB64D7}C:\\program files\\lphant\\elephantclient.exe"= TCP:C:\program files\lphant\elephantclient.exe:lphant Client
"TCP Query User{3161CA07-A8AD-4FF8-9941-B80CCB26927C}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{3BA5FE19-3B40-4C4E-84F9-F4BBAC60DE23}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"4c54a7a0-1e55-4d1f-b42c-c82b568646aa"= UDP:5665:porta tpc
"05550553-bf3a-41ce-8498-42eb2b42c044"= TCP:5666:porta udp
"TCP Query User{368DB67B-EA78-4B19-B26B-44C5BE09D943}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3ADAA755-AAB5-4E65-B101-787A11B7BDC8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-06-21 18:33]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-07 15:07]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-17 16:01]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 10:09]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-24 00:30]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-12 16:30]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-12 16:30]
S3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 13:08]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbf2bf75-b9df-11dc-ae0a-001c252909a0}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-20 05:25:16 C:\Windows\Tasks\User_Feed_Synchronization-{7B4B2A60-3646-4CAE-B1C7-DBF8DA168A00}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 10:47:59
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
Ora fine scansione: 2008-04-20 10.50.39
ComboFix-quarantined-files.txt 2008-04-20 08:49:31
ComboFix2.txt 2008-04-19 19:23:24
ComboFix3.txt 2008-04-17 18:23:06
ComboFix4.txt 2008-04-17 12:43:59
ComboFix5.txt 2008-04-16 14:11:17

14 Directory 167,145,725,952 byte disponibili
21 Directory 167,108,829,184 byte disponibili

273 --- E O F --- 2008-04-17 20:24:45

[bdoriano]

Crea un file di testo con le seguenti istruzioni:

[fulmine]

ecco i log di hijackthis e combofix:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.07.11, on 20/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Windows\vVX3000.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AliceTiAiuta\McciTrayApp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Hijackthis\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -LGE
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ataDaemon] C:\Program Files\AliceTiAiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS6\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS8\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9673 bytes

ComboFix 08-04-18.3 - samu 2008-04-20 13.58.30.6 - NTFSx86
Microsoft® Windows Vista? Home Premium 6.0.6000.0.1252.1.1040.18.1331 [GMT 2:00]
Eseguito da: C:\Users\samu\Desktop\ComboFix.exe
Command switches used :: C:\Users\samu\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-03-20 al 2008-04-20 )))))))))))))))))))))))))))))))))))
.

2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\Users\All Users\Office Genuine Advantage
2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\ProgramData\Office Genuine Advantage
2008-04-17 22:27 . 2008-04-17 22:27 <DIR> d-------- C:\Users\samu\AppData\Roaming\Leadertech
2008-04-08 12:16 . 2008-04-08 12:16 693,792 --a------ C:\Windows\System32\OGACheckControl.dll
2008-04-08 12:16 . 2008-04-08 12:16 560,672 --a------ C:\Windows\System32\OGAAddin.dll
2008-04-08 12:16 . 2008-04-08 12:16 504,864 --a------ C:\Windows\System32\OGAVerify.exe
2008-04-06 21:45 . 2000-05-16 10:40 83,968 --a------ C:\Windows\UnGins.exe
2008-03-26 16:49 . 2008-03-26 16:49 <DIR> d-------- C:\Users\samu\AppData\Roaming\PC Tools
2008-03-26 16:49 . 2008-04-17 15:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-03-26 16:49 . 2007-12-10 15:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-03-26 16:49 . 2007-12-10 15:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-03-26 16:49 . 2008-02-01 13:55 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-03-26 16:49 . 2007-12-10 15:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-03-26 16:47 . 2008-04-19 20:31 <DIR> d-------- C:\Users\All Users\Google Updater
2008-03-26 16:47 . 2008-04-19 20:31 <DIR> d-------- C:\ProgramData\Google Updater
2008-03-26 15:35 . 2008-03-26 15:35 2,311 --a------ C:\Windows\wininit.ini
2008-03-26 15:02 . 2008-03-26 15:36 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-26 15:02 . 2008-03-26 15:36 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-26 15:02 . 2008-03-26 15:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-26 14:49 . 2008-04-20 11:39 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-26 14:49 . 2008-04-20 11:39 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-25 23:10 . 2008-03-25 23:10 244 --ah----- C:\sqmnoopt00.sqm
2008-03-25 23:10 . 2008-03-25 23:10 232 --ah----- C:\sqmdata00.sqm
2008-03-25 12:45 . 2008-03-25 12:45 <DIR> d-------- C:\Program Files\VS Revo Group
2008-03-22 16:39 . 2008-03-22 16:52 <DIR> d-------- C:\Users\samu\AppData\Roaming\MiniDm
2008-03-22 13:38 . 2005-09-17 12:24 <DIR> d-------- C:\nero7
2008-03-21 21:47 . 2008-03-21 21:47 <DIR> d-------- C:\Program Files\AskTBar
2008-03-21 21:21 . 2008-03-21 21:21 <DIR> d-------- C:\Program Files\IEPro
2008-03-21 21:19 . 2008-03-21 21:21 <DIR> d-------- C:\Program Files\IE7Pro
2008-03-21 21:03 . 2007-11-07 10:41 82,945 --a------ C:\Users\samu\encopy4.exe
2008-03-21 21:00 . 2008-03-21 21:00 <DIR> d-------- C:\Program Files\Encopy4
2008-03-21 20:52 . 2008-04-05 19:35 <DIR> d-------- C:\Windows\Downloaded Installations
2008-03-21 20:39 . 2008-03-26 16:54 <DIR> d-------- C:\Users\All Users\Adobe
2008-03-21 20:39 . 2008-03-26 16:54 <DIR> d-------- C:\Program Files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 11:57 48,088,352 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-04-20 09:24 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-04-20 09:21 648,644 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-04-19 19:27 --------- d-----w C:\Users\samu\AppData\Roaming\Skype
2008-04-19 19:05 --------- d-----w C:\Users\samu\AppData\Roaming\skypePM
2008-04-17 12:53 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 12:53 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-12 15:35 --------- d-----w C:\Users\samu\AppData\Roaming\Canon
2008-04-09 14:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 20:14 440 ----a-w C:\Users\samu\AppData\Roaming\wklnhst.dat
2008-03-26 15:43 --------- d-----w C:\Program Files\Google
2008-03-25 14:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-25 14:54 --------- d-----w C:\Program Files\Yahoo!
2008-03-25 11:28 --------- d-----w C:\Users\samu\AppData\Roaming\BitTorrent
2008-03-25 11:27 --------- d-----w C:\ProgramData\NtiDvdCopy
2008-03-25 11:05 --------- d-----w C:\ProgramData\Nero
2008-03-25 11:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-23 14:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 16:13 --------- d-----w C:\Program Files\Windows Live
2008-02-23 02:38 43,872 ----a-w C:\Windows\system32\drivers\pxhelp20.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-20 11:41 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 15:58 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 15:51 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 15:51 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 15:51 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 15:51 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 15:51 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 15:50 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 15:50 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 15:50 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 15:50 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 15:50 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 15:50 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 15:50 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-01 10:17 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-31 14:40 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2007-12-18 11:25 1,505,581 ----a-w C:\Users\samu\Lphant-v2.01-Installer.exe
2007-12-18 11:24 1,382,178 ----a-w C:\Users\samu\Lphant-v3.50-Installer.exe
2007-12-10 09:24 113 ----a-w C:\Users\samu\BackupResult.DAT
2007-11-28 10:17 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-28 10:17 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-27 00:41 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 21:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-29 21:31 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-29 21:31 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-04-20_10.48.48,91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 08:26:08 67,584 ----a-w C:\Windows\bootstat.dat
+ 2008-04-20 11:27:42 67,584 ----a-w C:\Windows\bootstat.dat
- 2008-04-20 05:20:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-04-20 09:22:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-04-20 05:20:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-04-20 09:22:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-04-20 05:23:59 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-20 09:26:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-04-20 09:26:06 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-04-20 05:23:54 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-20 09:26:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-04-20 09:26:01 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-04-20 05:20:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-04-20 09:22:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-20 05:20:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-20 09:22:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-20 05:20:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-20 09:22:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-20 05:27:26 103,726 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-04-20 11:33:49 103,726 ----a-w C:\Windows\System32\perfc009.dat
- 2008-04-20 05:27:27 114,622 ----a-w C:\Windows\System32\perfc010.dat
+ 2008-04-20 11:33:49 114,622 ----a-w C:\Windows\System32\perfc010.dat
- 2008-04-20 05:27:26 609,944 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-04-20 11:33:49 609,944 ----a-w C:\Windows\System32\perfh009.dat
- 2008-04-20 05:27:27 682,184 ----a-w C:\Windows\System32\perfh010.dat
+ 2008-04-20 11:33:49 682,184 ----a-w C:\Windows\System32\perfh010.dat
- 2008-04-20 05:24:31 10,268 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854369108-3402513607-758492476-1000_UserData.bin
+ 2008-04-20 09:26:26 10,268 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-854369108-3402513607-758492476-1000_UserData.bin
- 2008-04-20 05:24:29 84,228 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-20 09:26:25 84,260 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-16 14:32:43 4,370 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-04-20 09:21:16 4,370 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-04-20 05:24:17 69,050 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-20 09:26:20 69,208 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-20 08:26:10 398,804 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2008-04-20 11:28:34 399,436 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-27 02:15 68856]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-11-19 14:49 214456]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eRecoveryService"="" []
"Acer Tour"="" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 13:51 218376]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 23:46 709992]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 19:09 103712]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 10:56 4493312 C:\Windows\RtHDVCpl.exe]
"PCMMediaSharing"="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 18:33 204908]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"DT LGE"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 17:17 81920]
"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 18:00 644696]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 18:50 1603152]
"ataDaemon"="C:\Program Files\AliceTiAiuta\McciTrayApp.exe" [2007-10-17 11:56 1007504]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 13:55 1103240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
--a------ 2007-05-31 16:35 326440 C:\Acer\Empowering Technology\SysMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 15:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-22 16:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-24 00:30 29744 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-02-01 13:55 1103240 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-11 10:18 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{374A709D-89CD-442B-8327-722C8EF98D34}C:\\program files\\lphant\\elephantclient.exe"= UDP:C:\program files\lphant\elephantclient.exe:lphant Client
"UDP Query User{257142A9-E46B-4A77-AEF6-97AB65EB64D7}C:\\program files\\lphant\\elephantclient.exe"= TCP:C:\program files\lphant\elephantclient.exe:lphant Client
"TCP Query User{3161CA07-A8AD-4FF8-9941-B80CCB26927C}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{3BA5FE19-3B40-4C4E-84F9-F4BBAC60DE23}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"4c54a7a0-1e55-4d1f-b42c-c82b568646aa"= UDP:5665:porta tpc
"05550553-bf3a-41ce-8498-42eb2b42c044"= TCP:5666:porta udp
"TCP Query User{368DB67B-EA78-4B19-B26B-44C5BE09D943}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{3ADAA755-AAB5-4E65-B101-787A11B7BDC8}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 15:59]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;"C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [2007-06-21 18:33]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 McciCMService;McciCMService;"C:\Program Files\Common Files\Motive\McciCMService.exe" [2007-09-07 15:07]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-17 16:01]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 10:09]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-24 00:30]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-12 16:30]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-12 16:30]
S3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-06-05 13:08]
S3 WSVD;WSVD;C:\Windows\system32\drivers\WSVD.sys [2006-09-19 16:47]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-20 05:25:16 C:\Windows\Tasks\User_Feed_Synchronization-{7B4B2A60-3646-4CAE-B1C7-DBF8DA168A00}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 14:02:07
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 62

**************************************************************************
.
Ora fine scansione: 2008-04-20 14.03.48
ComboFix-quarantined-files.txt 2008-04-20 12:03:39
ComboFix2.txt 2008-04-20 08:50:40
ComboFix3.txt 2008-04-19 19:23:24
ComboFix4.txt 2008-04-17 18:23:06
ComboFix5.txt 2008-04-17 12:43:59

14 Directory 166,881,787,904 byte disponibili
21 Directory 166,420,217,856 byte disponibili

276 --- E O F --- 2008-04-17 20:24:45

[fulmine]

ecco fatto, questo è il link assegnatomi.
report9.html

[bdoriano]

Vengono identificati 2 adware: uno legato a IncrediMail e l'altro a LPhant.
Hai (quasi) sicuramente una periferica USB (disco esterno o chiavetta) infetta.

Devi disabilitare l'avvio automatico delle periferiche USB per poterle poi controllare con il tuo antivirus.
Per farlo in maniera semplice, scaricati il programma TweakUI da questa pagina e installalo.
Una volta installato, eseguilo e procedi con questi passaggi:

[fulmine]

Ma TweakUI.exe con vista non va, non c'è altro modo?

[bdoriano]

Ops!

Abituato come sono con XP, dimenticavo che tu hai Vista.

1. Dal menu Esegui...
   
2. digita gpedit.msc
   
3. Configurazione computer
   
4. Modelli amministrativi
   
5. Sistema
   
6. Disattiva riproduzione automatica
   
7. Impostazione - Attivata - Disattivazione riproduzione automatica: Tutte le unità

[fulmine]

non c'è sul mio pc gpedit.msc e non riesco a scaricarlo

[bdoriano]

ero convinto che anche Vista avesse quei comandi...

L'unico consiglio che ti posso dare è di provare a scaricare uno dei seguenti tools:
Thoosje Vista Tweaker
WinBubble
VistaTweaker
e cercare tra le varie opzioni la possibilità di disabilitare l'avvio automatico delle periferiche USB.

Prova anche a chiedere nella sezione apposita.