Dear menatwork, I did as you told me. ComboFix detected rootkit activity and asked to reboot, which I did. Here is the report, of which I understand nothing. Don't abandon me. I'm splitting it across two posts because the system tells me it is too long and it can't be added as an attachment (for the record, as before, IE7 seemed cleaned up, but on refreshing the page the malicious redirect came back):

ComboFix 10-07-04.04 - ennio 05/07/2010 19.46.15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1652 [GMT 2:00]
Eseguito da: c:\documents and settings\ennio\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-06-05 al 2010-07-05 )))))))))))))))))))))))))))))))))))
.

2010-07-05 00:06 . 2010-07-05 00:06 -------- d-----w- c:\documents and settings\ennio\Impostazioni locali\Dati applicazioni\Sunbelt Software
2010-07-05 00:04 . 2010-07-05 00:04 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706}
2010-07-05 00:04 . 2010-01-15 07:42 2828488 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706}\Download Guard for Internet Explorer.exe
2010-07-04 13:42 . 2010-07-04 12:48 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-04 12:48 . 2010-07-04 12:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-04 12:48 . 2010-07-04 12:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-04 12:33 . 2010-07-04 12:33 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-07-04 12:33 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-07-04 12:32 . 2010-07-05 00:04 -------- d-----w- c:\programmi\Lavasoft
2010-07-04 12:32 . 2010-07-04 12:48 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2010-07-04 00:52 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 16:20 . 2010-05-31 07:28 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-07-05 00:02 . 2009-05-01 08:28 13992 ----a-w- c:\documents and settings\ennio\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-04 22:53 . 2010-03-24 23:15 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-07-04 10:28 . 2009-05-02 13:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-07-04 10:23 . 2009-05-02 13:44 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-07-03 22:55 . 2009-05-01 08:05 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-06-28 20:57 . 2010-02-16 23:48 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-02-16 23:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-02-16 23:48 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-02-16 23:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-02-16 23:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-02-16 23:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-02-16 23:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-02-16 23:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 09:40 . 2009-11-20 18:03 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-06-23 07:42 . 2010-05-12 13:38 -------- d-----w- c:\programmi\Debugging Tools for Windows (x86)
2010-06-07 19:06 . 2009-12-13 14:31 -------- d-----w- c:\documents and settings\ennio\Dati applicazioni\uTorrent
2010-05-31 07:34 . 2001-09-01 14:00 91682 ----a-w- c:\windows\system32\perfc010.dat
2010-05-31 07:34 . 2001-09-01 14:00 510676 ----a-w- c:\windows\system32\perfh010.dat
2010-05-30 20:41 . 2010-05-30 20:41 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2010-05-29 13:55 . 2010-05-12 18:42 -------- d-----w- c:\documents and settings\ennio\Dati applicazioni\Download Manager
2010-05-16 08:10 . 2010-05-16 08:10 -------- d-----w- c:\programmi\ANI
2010-05-16 08:10 . 2009-05-01 08:24 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-05-16 08:09 . 2010-05-16 08:09 -------- d-----w- c:\programmi\D-Link
2010-05-12 13:40 . 2010-05-12 13:40 -------- d-----w- c:\programmi\WhoCrashed
2010-05-12 13:04 . 2010-05-12 13:04 -------- d-----w- c:\programmi\NirSoft
2010-04-29 13:39 . 2009-11-20 18:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-11-20 18:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

------- Sigcheck -------

[-] 2008-10-22 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-10-22 . E092AEB03D40F40854D4C3D90C9AFECC . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\ennio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-12-21 135664]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"IntelliType"="c:\programmi\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-07-19 413696]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\programmi\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2010-03-11 124928]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-11-17 08:08 17676288 ----a-w- c:\windows\RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3984:TCP"= 3984:TCP:Services
"6468:TCP"= 6468:TCP:Services
"1718:TCP"= 1718:TCP:Services
"1936:TCP"= 1936:TCP:Services

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/07/2010 14.48.18 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [28/11/2009 16.50.34 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17/02/2010 1.48.29 165456]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [16/05/2010 10.10.46 151552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/02/2010 1.48.30 17744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 17.52.57 1352832]
S3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [15/05/2010 18.24.24 45568]
S3 Diag69xp;Diag69xp;c:\windows\system32\Drivers\Diag69xp.sys --> c:\windows\system32\Drivers\Diag69xp.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ennio\IMPOST~1\Temp\00000d99.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ennio\IMPOST~1\Temp\00000d99.nmc\nse\bin\ndiskio.sys [?]
S3 nsak;nsak;\??\c:\docume~1\ennio\IMPOST~1\Temp\00000e6d.nmc\nse\bin\nsak.sys --> c:\docume~1\ennio\IMPOST~1\Temp\00000e6d.nmc\nse\bin\nsak.sys [?]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [23/05/2009 22.58.53 49656]
S3 ute4mtyx;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute4mtyx.sys --> c:\windows\system32\Drivers\ute4mtyx.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-57989841-1801674531-1004Core.job
- c:\documents and settings\ennio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-21 18:17]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-57989841-1801674531-1004UA.job
- c:\documents and settings\ennio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-12-21 18:17]