Probabile malware

[neo_17]

Ciao ragazzi,

Ho rilevato lo strano comportamento di un processo che si avvia ciclicamente per pochi istanti facendomi uscire dalla modalità a schermo intero mentre ad esempio gioco a pes.
Non ha altre ripercussioni visibili ma sebbene non ci sia nessun programma in particolare attivo sono riuscito a vederlo comparire facendo una ripresa dello schermo e rallentando il video fatto sia come icona nella barra delle applicazioni che tra i processi con il nome "liveupd.exe" in concomitanza al servizio "UIODetect.exe".
Ho cercato che tipo di processo fosse ma nulla di risolutivo.
Pensando fosse un malware ho provato con malwarebytes sia in modalità normale che provvisoria, ma nulla. Ho provato anche con avg ma ancora nulla.

Fatemi sapere se avete qualche suggerimento!
Grazie!!!!

[neo_17]

Log hiJackThis:

[neo_17]

scusate avevo lasciato chrome aperto posto sotto

[neo_17]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:40:10, on 30/09/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
D:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search-us.linkury.com/results...of=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search-us.linkury.com/results...of=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartbar.linkury.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search-us.linkury.com/results...of=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search-us.linkury.com/results...of=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.polimi.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\s wg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Primo\AppData\Local\Google\Update\Google Update.exe" /c
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Chiavetta Internet] "C:\Program Files\Chiavetta Internet\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Primo\AppData\Local\Facebook\Update\Face bookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461 B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab...l_4.1.66.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Chiavetta Internet. OUC (Chiavetta Internet. RunOuc) - Unknown owner - C:\Program Files\Chiavetta Internet\UpdateDog\ouc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 12769 bytes

[menatwork]

ciao

per caso usi hai un programma cinese per vedere le partite ??


Apri HiJackThis
Clicca Do a scan only
Metti la spunta a fianco delle righe che ti segnalo qui sotto
Clicca su Fix Checked

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Primo\AppData\Local\Facebook\Update\Face bookUpdate.exe" /c /nocrashserver

O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files\uusee\geturltoplay.htm

O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm

O9 - Extra button: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)

O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓƵËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)

O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe

O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe

disattiva momentaneamente l'antivirus

scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix

[neo_17]

Si mi è capitato di usare UuSee un programma giapponese di streaming!
Non mi ha chiesto se installare la console, e poi ha riavviato il pc e l'antivirus si è riattivato, dimmi se hai bisogno che lo rifaccia!

ComboFix 11-09-30.01 - Primo 30/09/2011 12:00:05.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3067.1734 [GMT 2:00]
Eseguito da: c:\users\Primo\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\users\Primo\AppData\Roaming\cacaoweb
c:\windows\struct~.ini
c:\windows\system32\nsis_loader.dll
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-28 al 2011-09-30 )))))))))))))))))))))))))))))))))))
.
.
2011-09-30 01:59 . 2011-09-30 01:59 388096 ----a-r- c:\users\Primo\AppData\Roaming\Microsoft\Installer \{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-30 01:58 . 2011-09-30 01:58 -------- d-----w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-09-30 01:29 . 2011-09-30 01:58 -------- d-----w- c:\programdata\SecTaskMan
2011-09-29 18:18 . 2011-09-29 18:18 -------- d-----w- c:\program files\ZD Soft
2011-09-29 18:11 . 2011-09-29 18:11 -------- d-----w- c:\users\Primo\AppData\Local\PackageAware
2011-09-21 22:04 . 2011-09-21 22:04 -------- d-----w- c:\program files\Common Files\Java
2011-09-21 19:13 . 2011-09-28 21:35 -------- d-----w- C:\bwinPoker JPC
2011-09-19 20:41 . 2011-09-19 20:47 -------- d-----w- c:\users\Primo\P5JavaClientSettings
2011-09-18 21:33 . 2011-09-18 21:42 -------- d-----w- c:\programdata\eMule
2011-09-18 21:31 . 2011-09-18 21:42 -------- d-----w- c:\users\Primo\AppData\Local\eMule
2011-09-15 11:25 . 2011-06-21 05:28 981504 ----a-w- c:\windows\system32\wininet.dll
2011-09-15 11:25 . 2011-07-22 04:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-15 11:25 . 2011-06-21 05:25 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-09-14 12:30 . 2011-09-14 12:31 -------- d-----w- c:\users\Primo\AppData\Local\Facebook
2011-09-13 13:43 . 2011-09-13 13:43 -------- d-----w- c:\programdata\OnlineUpdate
2011-09-13 13:43 . 2011-09-13 13:43 -------- d-----w- c:\programdata\log
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2011-08-31 15:00 . 2010-05-12 20:06 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 10:18 . 2011-08-18 10:19 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-08-18 10:18 . 2011-08-18 10:19 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-08-18 10:18 . 2011-08-18 10:19 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-08-18 10:18 . 2011-08-18 10:19 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-08-18 10:18 . 2011-08-18 10:19 353280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2011-08-18 10:18 . 2011-08-18 10:19 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-08-18 10:18 . 2011-08-18 10:19 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-08-18 10:18 . 2011-08-18 10:19 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-08-18 10:18 . 2011-08-18 10:19 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2011-08-18 10:18 . 2011-08-18 10:19 181760 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2011-08-18 10:18 . 2011-08-18 10:19 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-08-18 10:18 . 2011-08-18 10:19 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-08-18 10:18 . 2011-08-18 10:19 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2011-08-18 10:18 . 2011-08-18 10:19 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dl l
2011-07-19 03:05 . 2011-01-19 22:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-16 04:27 . 2011-08-11 09:50 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-11 09:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 09:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 09:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 09:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-11 09:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:29 . 2011-08-24 16:48 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-11 09:50 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-04 07:27 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

[neo_17]

*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 06:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"HW_OPENEYE_OUC_Chiavetta Internet"="c:\program files\Chiavetta Internet\UpdateDog\ouc.exe" [2011-08-18 224096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-05-13 1190920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~2\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Chiavetta Internet. RunOuc;Chiavetta Internet. OUC;c:\program files\Chiavetta Internet\UpdateDog\ouc.exe [2011-08-18 224096]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\ connctfy.sys [x]
R3 dc3d;Driver di rilevamento del dispositivo hardware Microsoft;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-08-18 102784]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-08-18 353280]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-07-07 28160]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2004-10-24 13952]
R3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2004-10-24 28800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [2010-05-19 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGI DSEH.Sys [2011-02-22 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-14 691696]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-08-19 24576]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\program data\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\AVGIDSDriver.Sys [2011-05-27 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIV ERS\AVGIDSFilter.Sys [2011-02-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\ AVGIDSShim.Sys [2011-02-10 21968]
S3 huawei_enumerator;huawei_enumerator;c:\windows\sys tem32\DRIVERS\ew_jubusenum.sys [2011-08-18 73216]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link per Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2008-05-05 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-04-30 64032]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-12 171520]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VS TAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VS TDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVER S\VSTCNXT3.SYS [2009-07-13 661504]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir .sys [2007-03-28 43008]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1830672832-2747421311-3034302833-1000Core.job
- c:\users\Primo\AppData\Local\Facebook\Update\Faceb ookUpdate.exe [2011-09-14 12:30]
.
2011-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1830672832-2747421311-3034302833-1000UA.job
- c:\users\Primo\AppData\Local\Facebook\Update\Faceb ookUpdate.exe [2011-09-14 12:30]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 10:17]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 10:17]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1830672832-2747421311-3034302833-1000Core.job
- c:\users\Primo\AppData\Local\Google\Update\GoogleU pdate.exe [2011-05-03 21:13]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1830672832-2747421311-3034302833-1000UA.job
- c:\users\Primo\AppData\Local\Google\Update\GoogleU pdate.exe [2011-05-03 21:13]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://smartbar.linkury.com
uInternet Settings,ProxyServer = proxy.polimi.it:8080
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={search Terms}&sa=Search&siteurl=search.linkury.com
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461 B1589E8B4FB7.dll/cmsidewiki.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-DS3 Tool - c:\program files\MotioninJoy\ds3\DS3_Tool.exe
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(2636)
c:\windows\System32\SysHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\programdata\DatacardService\DCSHelper.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\programdata\Chiavetta Internet\OnlineUpdate\ouc.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\AVG\AVG10\avgui.exe
.
************************************************** ************************
.
Ora fine scansione: 2011-09-30 12:15:52 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-30 10:15
.
Pre-Run: 8.358.625.280 byte disponibili
Post-Run: 10.666.962.944 byte disponibili
.
- - End Of File - - 42A8B5774E82AD6F3C60118520377FBD

[neo_17]

Caspita non era sul desktop avevo cambiato da poco la cartella di destinazione di chrome e non lo ricordavo!
Rifaccio?

[menatwork]

se lo hai ancora installato rimuovilo

Scarica TDSSKiller.zip sul desktop:
http://support.kaspersky.com/viruses...?qid=208280684
Estrai il contenuto sul desktop.

Clicca su Start Scan.
Se c’è un’infezione, l'azione di default sarà cure. Clicca su continua.
Se c’è il sospetto di un’infezione, l'azione di default sarà skip. Clicca su continua.
Se viene richiesto il riavvio, accetta.
Il rapporto si troverà in C:, sotto queste sembianze: TDSSKiller.[Version]_[Date]_[Time]_log.txt
Se non è stato richiesto il riavvio, chiudi e clicca su report. Salva il contenuto in un file di testo e allegalo

Per ora trascina solo l'icona di combofix sul desktop e fai la scansione con tds killer

[neo_17]

12:45:06.0699 1496 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
12:45:06.0895 1496 ================================================== ==========
12:45:06.0895 1496 Current date / time: 2011/09/30 12:45:06.0895
12:45:06.0896 1496 SystemInfo:
12:45:06.0896 1496
12:45:06.0896 1496 OS Version: 6.1.7601 ServicePack: 1.0
12:45:06.0896 1496 Product type: Workstation
12:45:06.0896 1496 ComputerName: PRIMO-PC
12:45:06.0896 1496 UserName: Primo
12:45:06.0896 1496 Windows directory: C:\Windows
12:45:06.0896 1496 System windows directory: C:\Windows
12:45:06.0896 1496 Processor architecture: Intel x86
12:45:06.0896 1496 Number of processors: 2
12:45:06.0896 1496 Page size: 0x1000
12:45:06.0896 1496 Boot type: Normal boot
12:45:06.0896 1496 ================================================== ==========
12:45:07.0991 1496 Initialize success
12:45:09.0734 1932 ================================================== ==========
12:45:09.0734 1932 Scan started
12:45:09.0734 1932 Mode: Manual;
12:45:09.0734 1932 ================================================== ==========
12:45:10.0787 1932 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:45:10.0790 1932 1394ohci - ok
12:45:10.0857 1932 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:45:10.0862 1932 ACPI - ok
12:45:10.0912 1932 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:45:10.0913 1932 AcpiPmi - ok
12:45:10.0975 1932 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:10.0982 1932 adp94xx - ok
12:45:11.0008 1932 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:11.0013 1932 adpahci - ok
12:45:11.0035 1932 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:11.0038 1932 adpu320 - ok
12:45:11.0120 1932 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:45:11.0125 1932 AFD - ok
12:45:11.0168 1932 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:45:11.0169 1932 agp440 - ok
12:45:11.0199 1932 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:45:11.0202 1932 aic78xx - ok
12:45:11.0247 1932 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:45:11.0249 1932 aliide - ok
12:45:11.0289 1932 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:45:11.0292 1932 amdagp - ok
12:45:11.0310 1932 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:45:11.0312 1932 amdide - ok
12:45:11.0360 1932 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:11.0363 1932 AmdK8 - ok
12:45:11.0381 1932 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:11.0383 1932 AmdPPM - ok
12:45:11.0445 1932 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:45:11.0448 1932 amdsata - ok
12:45:11.0475 1932 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:11.0479 1932 amdsbs - ok
12:45:11.0500 1932 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:45:11.0502 1932 amdxata - ok
12:45:11.0557 1932 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:45:11.0557 1932 AppID - ok
12:45:11.0635 1932 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:45:11.0651 1932 arc - ok
12:45:11.0666 1932 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:11.0666 1932 arcsas - ok
12:45:11.0729 1932 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:11.0729 1932 AsyncMac - ok
12:45:11.0776 1932 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:45:11.0776 1932 atapi - ok
12:45:11.0869 1932 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
12:45:11.0869 1932 AVGIDSDriver - ok
12:45:11.0916 1932 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
12:45:11.0933 1932 AVGIDSEH - ok
12:45:11.0972 1932 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
12:45:11.0974 1932 AVGIDSFilter - ok
12:45:11.0989 1932 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
12:45:11.0989 1932 AVGIDSShim - ok
12:45:12.0060 1932 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
12:45:12.0062 1932 Avgldx86 - ok
12:45:12.0110 1932 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
12:45:12.0111 1932 Avgmfx86 - ok
12:45:12.0157 1932 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
12:45:12.0159 1932 Avgrkx86 - ok
12:45:12.0196 1932 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
12:45:12.0199 1932 Avgtdix - ok
12:45:12.0281 1932 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:45:12.0288 1932 b06bdrv - ok
12:45:12.0341 1932 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:45:12.0346 1932 b57nd60x - ok
12:45:12.0405 1932 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:45:12.0405 1932 Beep - ok
12:45:12.0451 1932 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:12.0452 1932 blbdrive - ok
12:45:12.0508 1932 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:45:12.0510 1932 bowser - ok
12:45:12.0530 1932 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:12.0532 1932 BrFiltLo - ok
12:45:12.0555 1932 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:12.0557 1932 BrFiltUp - ok
12:45:12.0593 1932 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:45:12.0599 1932 Brserid - ok
12:45:12.0618 1932 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:12.0621 1932 BrSerWdm - ok
12:45:12.0639 1932 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:12.0641 1932 BrUsbMdm - ok
12:45:12.0660 1932 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:12.0663 1932 BrUsbSer - ok
12:45:12.0714 1932 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
12:45:12.0715 1932 BthEnum - ok
12:45:12.0736 1932 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:12.0738 1932 BTHMODEM - ok
12:45:12.0772 1932 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
12:45:12.0775 1932 BthPan - ok
12:45:12.0832 1932 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
12:45:12.0839 1932 BTHPORT - ok
12:45:12.0897 1932 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
12:45:12.0899 1932 BTHUSB - ok
12:45:12.0924 1932 btwaudio - ok
12:45:12.0955 1932 btwavdt - ok
12:45:12.0955 1932 btwrchid - ok
12:45:13.0117 1932 catchme - ok
12:45:13.0273 1932 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:13.0276 1932 cdfs - ok
12:45:13.0354 1932 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:13.0356 1932 cdrom - ok
12:45:13.0444 1932 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:45:13.0445 1932 circlass - ok
12:45:13.0493 1932 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:45:13.0496 1932 CLFS - ok
12:45:13.0554 1932 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:13.0555 1932 CmBatt - ok
12:45:13.0598 1932 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:45:13.0601 1932 cmdide - ok
12:45:13.0630 1932 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
12:45:13.0636 1932 CNG - ok
12:45:13.0670 1932 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:13.0673 1932 Compbatt - ok
12:45:13.0735 1932 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:45:13.0736 1932 CompositeBus - ok
12:45:13.0786 1932 connctfy - ok
12:45:13.0833 1932 connctfyMP - ok
12:45:13.0929 1932 cpuz132 - ok
12:45:14.0014 1932 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:14.0017 1932 crcdisk - ok
12:45:14.0089 1932 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:45:14.0095 1932 CSC - ok
12:45:14.0142 1932 dc3d (b6672f62f75fb952d7ae7cb4e80011a9) C:\Windows\system32\DRIVERS\dc3d.sys
12:45:14.0145 1932 dc3d - ok
12:45:14.0199 1932 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:45:14.0200 1932 DfsC - ok
12:45:14.0238 1932 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:45:14.0239 1932 discache - ok
12:45:14.0264 1932 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:45:14.0267 1932 Disk - ok
12:45:14.0324 1932 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys
12:45:14.0325 1932 DKbFltr - ok
12:45:14.0385 1932 DritekPortIO - ok
12:45:14.0452 1932 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:45:14.0454 1932 drmkaud - ok
12:45:14.0512 1932 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:14.0517 1932 DXGKrnl - ok
12:45:14.0645 1932 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:45:14.0725 1932 ebdrv - ok
12:45:14.0827 1932 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:45:14.0834 1932 elxstor - ok
12:45:14.0872 1932 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:45:14.0873 1932 ErrDev - ok
12:45:14.0969 1932 ewusbmbb (026f6d48cc5293c7b8a696376618b9d2) C:\Windows\system32\DRIVERS\ewusbwwan.sys
12:45:14.0974 1932 ewusbmbb - ok
12:45:15.0038 1932 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
12:45:15.0040 1932 ew_hwusbdev - ok
12:45:15.0083 1932 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:45:15.0087 1932 exfat - ok
12:45:15.0106 1932 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:45:15.0106 1932 fastfat - ok
12:45:15.0137 1932 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:45:15.0137 1932 fdc - ok
12:45:15.0184 1932 FileInfo (6cf00369c97f3cf563be99be983d13d8)