log combo fix

[Hakuin]

Salve a tutti,
sono nuovo di questo forum e volevo porvi una questione.
qualche giorno fa mi hanno crackato la mail di yahoo. Ho installato e fatto andare Malwarebyte su consiglio di mio fratello e il log non riportava nulla di grave. L'altra mattina malware mi ha avvisato che c'era una spyware password nel software della poker room dove gioco. L'ho eliminata e ho fatto partire di nuovo MB che ne ha rilevata un'altra nella vecchia poker room. Eliminata anche questa ho fatto un giro su internet e ho seguito un consiglio di installare e far partire combofix. Non ho letto che bisognava essere esperti per usarlo, ma x fortuna dopo il ravvio pare che il pc funzioni come prima. Ho fatto anche ripartire MB che non ha trovato elementi. Forse è tutto ok, ma data la mia ignoranza vi sarei grato se qualcuno potesse dare uno sguardo al log di combo e dirmi se e cosa devo eventualmente fare.
Vi ringrazio anticipatamente,
Hakuin
ComboFix 12-09-24.03 - Kiki 25/09/2012 9:20.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3005.2011 [GMT 2:00]
Eseguito da: c:\users\Kiki\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\program files\OfferBox
c:\program files\OfferBox\help.url
c:\program files\OfferBox\home.url
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\res\about_bk.bmp
c:\program files\OfferBox\res\Language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\res\tray-paused.ico
c:\program files\OfferBox\res\tray.ico
c:\program files\OfferBox\search.url
c:\programdata\boost_interprocess\20120923132525.3 74313
c:\programdata\FullRemove.exe
c:\users\Kiki\AppData\Local\Microsoft\Windows\Temp orary Internet Files\cookies.sqlite
c:\users\Kiki\AppData\Local\piqyj.dat
c:\users\Kiki\AppData\Local\piqyj_nav.dat
c:\users\Kiki\AppData\Local\piqyj_navps.dat
c:\users\Kiki\AppData\Roaming\.#
c:\users\Kiki\AppData\Roaming\OfferBox
c:\users\Kiki\AppData\Roaming\OfferBox\config.dat
c:\users\Kiki\AppData\Roaming\OfferBox\config.xml
c:\users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com\chrome.manifest
c:\users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com\chrome\OfferBoxffx.jar
c:\users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com\components\DataXPCOM.dll
c:\users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com\components\DataXPCOM_TypeLib.xpt
c:\users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com\defaults\preferences\offerboxffxPref s.js
c:\users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com\install.rdf
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-25 al 2012-09-25 )))))))))))))))))))))))))))))))))))
.
.
2012-09-25 07:38 . 2012-09-25 07:40 -------- d-----w- c:\users\Kiki\AppData\Local\temp
2012-09-25 07:38 . 2012-09-25 07:38 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-09-25 07:38 . 2012-09-25 07:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 16:55 . 2012-09-24 16:55 -------- d-----w- c:\program files\Izi Poker
2012-09-17 12:59 . 2012-09-17 12:59 -------- d-----w- c:\users\Kiki\AppData\Roaming\Malwarebytes
2012-09-17 12:58 . 2012-09-17 12:58 -------- d-----w- c:\programdata\Malwarebytes
2012-09-17 12:58 . 2012-09-17 12:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-17 12:58 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 12:12 . 2012-08-02 17:05 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-06 22:38 . 2012-09-06 22:38 -------- d-----w- c:\users\Kiki\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2012-09-21 10:27 . 2012-04-13 17:40 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 10:27 . 2011-05-21 16:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-06-14 10:27 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2010-09-27 05:15 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 13:43 . 2012-08-24 13:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-07-26 01:21 . 2012-07-26 01:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-18 17:10 . 2012-08-14 19:35 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 13:26 . 2012-07-09 13:26 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-09 13:26 . 2012-07-09 13:26 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-07-09 13:26 . 2012-07-09 13:26 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-09 13:26 . 2012-07-09 13:26 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-09 13:26 . 2012-07-09 13:26 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-07-09 13:26 . 2012-07-09 13:26 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-09 13:26 . 2012-07-09 13:26 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-09 13:26 . 2012-07-09 13:26 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-09 13:26 . 2012-07-09 13:26 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-07-09 13:26 . 2012-07-09 13:26 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-07-09 13:26 . 2012-07-09 13:26 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-09 13:26 . 2012-07-09 13:26 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-07-09 13:26 . 2011-10-27 16:14 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dl l
2012-07-09 13:26 . 2009-09-23 15:17 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-06 19:31 . 2012-08-18 10:02 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 21:23 . 2012-08-14 19:35 41472 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:23 . 2012-08-14 19:35 102912 ----a-w- c:\windows\system32\browser.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-01-26 2633976]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-14 8120864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 175640]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2010-04-22 169496]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMen u.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu. exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.ex e" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-10-28 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Kiki\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-2 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\program data\DatacardService\HWDeviceService.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPl ayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\D RIVERS\KMWDFILTER.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgi dshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIV ERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\ avgidsshimx.sys [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\sys tem32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

[Hakuin]

Contenuto della cartella 'Scheduled Tasks'
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-13 10:27]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 14:19]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-18 14:19]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900431811-4106917416-381626465-1000Core.job
- c:\users\Kiki\AppData\Local\Google\Update\GoogleUp date.exe [2011-01-30 23:41]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2900431811-4106917416-381626465-1000UA.job
- c:\users\Kiki\AppData\Local\Google\Update\GoogleUp date.exe [2011-01-30 23:41]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0A0F4C56-BF22-443F-B0D6-2505D4BECF1D}: NameServer = 212.52.97.25 193.70.152.25
TCP: Interfaces\{18084B73-866F-47AA-910F-C726CA0DCC7A}: NameServer = 212.52.97.25 193.70.152.25
TCP: Interfaces\{2CBE801B-014E-4AE9-A6EB-08595F87018A}: NameServer = 212.52.97.25 193.70.152.25
TCP: Interfaces\{34B0BE65-C78E-4CEA-8CC9-3BA62D391DD2}: NameServer = 212.52.97.25 193.70.152.25
TCP: Interfaces\{DD7F3F76-EA7D-41E9-87D9-D179DB76AA07}: NameServer = 193.70.152.25 212.52.97.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p ostgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p ostgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-09-25 09:43:09
ComboFix-quarantined-files.txt 2012-09-25 07:43
.
Pre-Run: 111.024.328.704 byte disponibili
Post-Run: 111.546.814.464 byte disponibili
.
- - End Of File - - 1628EB8C90F820F81C2E05B5DB96DE50


Scusate ma nn mi bastavano i caratteri e non sono riusicto ad allegare....

[menatwork]

ciao

hai per caso la Vodafone Mobile? combofix ha rilevato ed eliminato un bel po' di toolbar e affini, fai questa scansione per ripulire a fondo il pc

Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e allegal



i

[Hakuin]

Ciao e grazie innanzitutto,
no non uso vodafone, fuori città uso una pennetta wind.
Può dipendere dai siti streaming?
Questi sono i log.

http://wikisend.com/download/192338/OTL.Txt

http://wikisend.com/download/282458/Extras.Txt

Una domanda, è un problema se sul pc tengo contemporaneamente avast, combo, mbam e superantispyware (che ho fatto girare ieri)?

Grazie ancora,
Hakuin

[menatwork]

superantispyware puoi toglierlo malwarebytes e' sufficiente, combofix lo rimuoviamo dopo

controllo il log e dopo ti lascio la procedura per le eliminazioni

[Hakuin]

ok Menat, aspetto la tua diagnosi.
Nel frattempo io sto tenendo il OTL acceso e fermo da fine scansione onde evitare di fare pasticci. intanto ho disinstallato SAS come mi hai detto.

[menatwork]

oltre le pulizie che ora farai ti posso dire che hai un'infezione del rootkit zero access, probabilmente una delle ultime varianti

ora apri otl e incolla questo script in verde

:OTL

PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpywa re\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpywa re\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpywa re\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpywa re\SDDLLS\SD10005.dll ()
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (catchme) -- C:\Users\Kiki\AppData\Local\Temp\catchme.sys File not found
DRV - (awrdrrde) -- File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...id=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=050412_30b&babsrc=SP _ss&mntrId=dc853a8e0000000000000aeee697d57b
IE - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=dc853a8e0000000000000aeee697d 57b&tlver=1.4.19.19&affID=17160
IE - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2365312
IE - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensi ons\\offerboxffx@offerbox.com: C:\Users\Kiki\AppData\Roaming\OfferBox\offerboxffx @offerbox.com
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O4 - HKU\S-1-5-21-2900431811-4106917416-381626465-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O9 - Extra Button: PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.it - {4B21E152-BA59-4ebf-B522-8C55B265EE1A} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
[2012/09/25 23:36:08 | 000,000,000 | ---D | C] -- C:\Users\Kiki\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/25 23:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/25 23:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/25 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/25 09:15:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/25 09:14:52 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/09/25 09:16:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/25 09:16:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/25 09:16:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/25 09:16:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/25 09:16:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/10/21 14:47:54 | 000,004,951 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/01/21 18:01:01 | 000,000,087 | ---- | C] () -- C:\Users\Kiki\AppData\Local\koagcns.bat
[2010/01/10 17:49:15 | 000,000,089 | ---- | C] () -- C:\Users\Kiki\AppData\Local\edvumfvu.bat

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]

clicca su RUN FIX e allega il log che rilascia

appena finito ti diro' come proseguire per eliminare il resto

[Hakuin]

Ecco il log che mi hai chiesto:

http://wikisend.com/download/822566/09262012_204237.log

Ho mantenuto le impostazioni che mi avevi fatto mettere precedentemente.

Ma...spiegato in 2 parole (se puoi): cosa possono avermi fatto con questo Rootkit ZeroAccess? E da quanto tempo ce l'ho nel pc?

[menatwork]

come hai preso l'infezione davvero non lo so ma nel log vedo diverse date una risale allo scorso giugno, vediamo di rimuovere le chiavi che sono infettate

segui attentamente la procedura, e' facile

procurati una pennetta e formattala

scarica nella pennetta questo file:

questo file (per S.O a 64 bit)

questo file (per S.O a 32 bit)

Inserisci la Pendrive nel Pc infetto.
Avvia il pc in Modalità provvisoria. (tasto F8)
Clicca su Ripristina il computer tra le opzioni disponibili (in alto)
Seleziona la lingua
Seleziona il tuo account
Saranno ora disponibili le seguenti opzioni

================================================== =========
Ripristino all'avvio / Startup Repair
Ripristino configurazione di sistema / System Restore
Ripristino immagine di sistema / Windows Complete Pc Restore
Strumento di diagnostica memoria Windows / Windows Memory Diagnostic Tool
Prompt Dei Comandi / Command Prompt
================================================== =========

Seleziona Prompt Dei Comandi

Nel Prompt dei Comandi scrivi notepad e premi Invio.

Si aprirà un file di testo

Nel menu in alto clicca file e seleziona Apri.

Cerca la lettera a cui è riferita la pennetta usb.

Questa operazione serve per verificare con certezza quale lettera è assegnata alla pennetta.

Una volta identificata la lettera della pennetta:

Nel Prompt dei comandi digita E:\frst.exe dove E è la lettera che è stata assegnata alla tua Pendrive, per cui nel comando sostituisci E con la lettera a cui si riferisce la pennetta usb.

Clicca Invio

Il tool si avvierà.

Clicca Yes per accettare le condizioni di contratto.
Premi su SCAN.
A scansione finita, verrà prodotto un log sulla pendrive stessa, chiamato FRST.TXT
Postalo qui, allegalo come gli altri

edit

Rootkit ZeroAccess

[Hakuin]

Scusa Menatwork, ma entrando in modalità provvisoria non trovo in alto nessuna voce Ripristina il Computer. Mi parte la pagina di spiegazione della modalità provvissoria e se la chiudo c'è il desktop. Devo entrare nel pannello di controllo? Con F8 mi da anche la possibilità di selezionare Modalità Provvisoria con il Prompt dei Comandi: devo scegliere questa opzione forse? Ma provando anche lì non trovo Ripristina Computer?
Cosa faccio?