Cari ragazzi per favore aiutatemi. se attivo il norton si aprono tantissime finestre "impssibile inviare il messaggio..." ho letto di altri post su questo forum e ho scaricato hijack. questa è la scansione che mi dà. per favore mi dite cosa devo fare. vi ringrazio tanto.


Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Utente\AppData\Local\Temp\DATE15D.tmp.exe
C:\Program Files\Fighters\Tray\FightersTray.exe
C:\Program Files\Fighters\SPYWAREfighter\swproTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&tb=MYC-ST
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe
O4 - HKLM\..\Run: [SWPROguard] C:\Program Files\Fighters\SPYWAREfighter\swprotray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [DATE15D.tmp.exe] C:\Users\Utente\AppData\Local\Temp\DATE15D.tmp.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1401633-56FC-4406-BBAB-C44A64781610}: NameServer = 212.52.97.25 193.70.152.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AV Engine Scanning Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe
O23 - Service: AV Watch Service - Preventon Technologies Limited - C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Client di gestione Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files\Fighters\FighterSuiteService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\WINDEasyConnect\WTGService.exe

ciao

vai qui e analizza il file in grassetto

C:\Users\Utente\AppData\Local\Temp\DATE15D.tmp.exe

posta il risultato dell'analisi, poi fai una scansione con malwarebytes aggiornato

scaricalo da qui clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto .

prima di tutto ti ringrazio per avermi risposto. sto facendo come hai detto, ho scaricato anche il malwarebytes e lo sto aggiornando. tuttavia ci mette una vita per scansire il file date15d.tmp.exe
ho notato che nella stessa cartella c'è il file 14540915.exe che, come il date15d.tmp.exe ha un'icona raffigurante un computer con una x rossa in basso, stesse dimensioni, stessa icona stessa data. il virus l'ho preso ieri ma non so se aggiornando adobe o navigando cmq appena posso posto tutto grazie ancora.

quell'eseguibile non e' niente di buono, finisci la scansione con malwarebytes e scarica combofix
per ora lascialo sul desktop, piu' tardi ti daro' le istruzioni per eseguirlo

La scansione del file con virustotal non mi dà alcun rapporto. non so come mai: faccio l'upload del file, clicco scan e poi dopo un bel pezzo la maschera scompare senza alcun rapporto. la scansione intanto ha già trovato 6 elementi dannosi, ho scaricato combofix e resto in attesa di istruzioni. il norton pur se disattivato continua a inviarmi messaggi dello stesso file infetto in quarantena, un trojan gen.2 sto cominciando a perdere le speranze e a considerare l'idea di una formattazione... a saperla fare... (grazie ancora di tutto e scusa se rispondo in ritardo ma navigo con un telefonino wind e quando si scarica la batteria devo ricaricarla prima di accedere di nuovo)

ho analizzato il secondo file eseguibile (14540915.exe) ti posto il rapporto


File already analysed

This file was already analysed by VirusTotal on 2012-06-30 14:33:30.

Detection ratio: 4/42

You can take a look at the last analysis or analyse it again now.

SHA256: b510fda2fed8aa7f31550026a99623844f9f04a4024ef3fbe03e20a470517308
SHA1: 0e4be100dbf93e79cf573a6162f3e85f5bfefaef
MD5: efc700e343c3f7897df4fc6f2d57f30f
File size: 48.0 KB ( 49152 bytes )
File name: 45F396500058BE90C06D00935BFC3D00C2775405.exe
File type: Win32 EXE
Detection ratio: 4 / 42
Analysis date: 2012-06-30 14:33:30 UTC ( 23 ore, 48 minuti ago )
0
0
More details
Antivirus Result Update
AhnLab-V3 - 20120630
AntiVir - 20120630
Antiy-AVL - 20120630
Avast - 20120630
AVG - 20120630
BitDefender - 20120630
ByteHero - 20120626
CAT-QuickHeal - 20120630
ClamAV - 20120629
Commtouch - 20120630
Comodo - 20120630
DrWeb - 20120630
Emsisoft - 20120630
eSafe - 20120628
F-Prot - 20120629
F-Secure - 20120630
Fortinet W32/Zbot.ACM!tr 20120630
GData - 20120630
Ikarus - 20120630
Jiangmin - 20120630
K7AntiVirus - 20120630
Kaspersky UDSangerousObject.Multi.Generic 20120630
McAfee - 20120630
McAfee-GW-Edition - 20120630
Microsoft TrojanDownloader:Win32/Phdet.E 20120630
NOD32 - 20120630
Norman - 20120629
nProtect - 20120630
Panda Suspicious file 20120630
PCTools - 20120630
Rising - 20120628
Sophos - 20120630
SUPERAntiSpyware - 20120630
Symantec - 20120630
TheHacker - 20120629
TotalDefense - 20120629
TrendMicro - 20120630
TrendMicro-HouseCall - 20120630
VBA32 - 20120629
VIPRE - 20120630
ViRobot - 20120630
VirusBuster - 20120630

finisci la scansione con malwarebytes e posta il report, dopo proseguiamo con combofix, come vedi anche se riconosciuto solo da quattro antivirus il file tanto buono non e'

come mi hai consigliato ho effettuato la scansione, eliminato tutti i file selezionati e riavviato il pc. attendo istruzioni.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.07.01.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Utente :: UTENTE-PC [amministratore]

01/07/2012 15:08:25
mbam-log-2012-07-01 (17-07-54).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 315009
Tempo impiegato: 1 ore, 55 minuti, 36 secondi

Processi rilevati in memoria: 1
C:\Users\Utente\AppData\Local\Temp\DATE15D.tmp.exe (Trojan.FakeAlert) -> 3380 -> Nessuna azione intrapresa.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Nessuna azione intrapresa.

Valori di registro rilevati: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Dati: C:\Users\Utente\AppData\Local\{d76afc7e-deab-8ebd-e710-3f154c1fb29d}\n. -> Nessuna azione intrapresa.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATE15D.tmp.exe (Trojan.FakeAlert) -> Dati: C:\Users\Utente\AppData\Local\Temp\DATE15D.tmp.exe -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 7
c:\programdata\symantec\srtsp\quarantine\apq1fee.tmp (Rootkit.0Access) -> Nessuna azione intrapresa.
C:\Users\Utente\AppData\Local\{d76afc7e-deab-8ebd-e710-3f154c1fb29d}\n (Trojan.Dropper.PE4) -> Nessuna azione intrapresa.
C:\Users\Utente\Downloads\SoftonicDownloader_for_fixwin.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Utente\Downloads\SoftonicDownloader_per_windows-live-mail.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Utente\Downloads\SoftonicDownloader_per_winrar.exe (PUP.BundleOffer.Downloader.S) -> Nessuna azione intrapresa.
C:\Windows\Installer\{d76afc7e-deab-8ebd-e710-3f154c1fb29d}\n (Trojan.Dropper.PE4) -> Nessuna azione intrapresa.
C:\Users\Utente\AppData\Local\Temp\DATE15D.tmp.exe (Trojan.FakeAlert) -> Nessuna azione intrapresa.

e' come pensavo sei infetta dal Rootkit.0Access

Evidenzia gli elementi trovati da malwarebyts e premi "Rimuovi elementi selezionati".

Ora fai la scansione che ti avevo consigliato prima dobbiamo ripulire pe r bene l'infezione

avvia il combofix che ti ho fatto scaricare

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega , nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix

a dire il vero ho selezionato tutti gli elementi segnalati, compresi quelli senza la spunta. ho fatto proprio piazza pulita. spero di non aver fatto casini. cmq ora faccio una nuova scansione con malware e poi aziono combofix. ti faccio sapere presto grazie.

ti ho detto di selezionarli perche' ho visto ''Nessuna azione intrapresa"

lancia combofix e' prioritario in questo caso

barbara&g ti pregherei di non prendere iniziative personali potresti avere dei problemi, sono programmi e a volte bisogna tenerli "con le unghie"

ok grazie allora lo lancio subito

ComboFix 12-07-01.03 - Utente 01/07/2012 21:05:52.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3039.2370 [GMT 2:00]
Eseguito da: c:\users\Utente\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Utente\AppData\Roaming\Microsoft\Windows\Recent\[SUMOTorrent.pif
c:\windows\$NtUninstallKB64548$
c:\windows\Installer\{d76afc7e-deab-8ebd-e710-3f154c1fb29d}\@
c:\windows\Installer\{d76afc7e-deab-8ebd-e710-3f154c1fb29d}\U\00000001.@
c:\windows\Installer\{d76afc7e-deab-8ebd-e710-3f154c1fb29d}\U\80000000.@
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-01 al 2012-07-01 )))))))))))))))))))))))))))))))))))
.
.
2012-07-01 19:12 . 2012-07-01 19:14 -------- d-----w- c:\users\Utente\AppData\Local\temp
2012-07-01 19:12 . 2012-07-01 19:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 15:11 . 2012-07-01 15:11 -------- d-----w- c:\programdata\Preventon
2012-07-01 12:43 . 2012-07-01 12:43 -------- d-----w- c:\users\Utente\AppData\Roaming\Malwarebytes
2012-07-01 12:42 . 2012-07-01 12:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-01 12:42 . 2012-07-01 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-01 12:42 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 07:31 . 2012-07-01 07:31 -------- d-----w- c:\program files\SmartPCFixer
2012-07-01 05:32 . 2012-07-01 05:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-01 05:27 . 2012-07-01 05:27 388096 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-01 05:26 . 2012-07-01 05:26 -------- d-----w- c:\program files\Trend Micro
2012-07-01 04:46 . 2012-07-01 05:16 -------- d-----w- c:\programdata\clp
2012-07-01 04:45 . 2012-07-01 04:46 -------- d-----w- c:\users\Utente\AppData\Roaming\Fighters
2012-07-01 04:44 . 2012-07-01 04:44 -------- d-----w- c:\programdata\Common Toolkit Suite
2012-07-01 04:42 . 2012-07-01 18:55 -------- d-----w- c:\programdata\Fighters
2012-06-23 04:10 . 2012-06-23 04:10 -------- d-----w- c:\users\Utente\AppData\Local\Macromedia
2012-06-23 03:25 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 03:25 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 03:25 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 03:25 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 03:25 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 03:25 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 03:25 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 03:24 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 03:24 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-12 19:08 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 19:08 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-12 19:08 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:08 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 19:08 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 19:08 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 19:08 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 19:08 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 19:08 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 19:08 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-06 14:38 . 2012-06-06 14:38 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-06-04 05:14 . 2012-06-04 05:14 -------- d-----w- c:\program files\CONEXANT
2012-06-02 16:40 . 2012-06-23 03:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 03:56 . 2011-07-11 10:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-07 08:12 . 2011-07-11 14:34 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-30 880496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-09-08 468264]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WTGService;WTGService;c:\program files\WINDEasyConnect\WTGService.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 03:56]
.
2012-06-12 c:\windows\Tasks\HPCeeScheduleForUtente.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.ask.com?o=10148&tb=MYC-ST
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\hf1y6jfh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-37071401.sys
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0410.EXE
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0410.exe
AddRemove-Pdf995 - c:\program files\pdf995\setup.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3732)
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-01 21:17:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-01 19:17
.
Pre-Run: 58.585.161.728 byte disponibili
Post-Run: 58.399.580.160 byte disponibili
.
- - End Of File - - 75E10608630D534EC37B8182E8096BD0

devo controllarti il report nel frattempo fai anche questa scansione

scarica sul desktop tdsskiller
Estrai il contenuto sul desktop.
Assicurati che TDSSKiller.exe sia sul desktop.

Start > Esegui > copia/incolla il seguente comando e dai OK.

"%userprofile%\Desktop\TDSSKiller.exe"


Clicca su Start Scan.
Se c’è un’infezione, l'azione di default sarà cure. Clicca su continua.
Se c’è il sospetto di un’infezione, l'azione di default sarà skip. Clicca su continua.
Se viene richiesto il riavvio, accetta.
Il rapporto si troverà in C:, sotto queste sembianze: TDSSKiller.[Version]_[Date]_[Time]_log.txt
Se non è stato richiesto il riavvio, chiudi e clicca su report. Salva il contenuto in un file di testo e allegalo

ho fatto come hai detto e non è stata rilevata alcuna infezione. l'unico problema è che il report in formato txt non me lo fa allegare. che faccio?