Virus win32:Malware-gen e google redirect

[robyfff]

Questa volta è andato tutto a buon fine. Riporto di seguito il contenuto del log (diviso in due messaggi):

ComboFix 11-09-01.03 - Nuova Vago 02/09/2011 10.57.23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.6143.4922 [GMT 2:00]
Eseguito da: c:\users\Nuova Vago\Desktop\abc.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
C:\install.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-02 al 2011-09-02 )))))))))))))))))))))))))))))))))))
.
.
2011-09-02 09:00 . 2011-09-02 09:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-02 06:12 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C04C507B-AA31-4046-8D81-5ED462B79C06}\mpengine.dll
2011-09-01 13:32 . 2011-09-01 14:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-01 13:08 . 2011-09-01 13:31 -------- d-----w- C:\sh4ldr
2011-09-01 13:08 . 2011-09-01 13:08 -------- d-----w- c:\program files\Enigma Software Group
2011-09-01 13:08 . 2011-09-01 13:31 -------- d-----w- c:\windows\8AE3EC14EAF84064958AC340C66EDD44.TMP
2011-09-01 13:08 . 2011-09-01 13:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-09-01 13:01 . 2011-09-01 13:03 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-09-01 12:38 . 2011-09-01 13:01 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-01 12:34 . 2011-09-01 12:34 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-01 12:33 . 2011-09-01 13:01 -------- d-----w- c:\programdata\Hitman Pro
2011-09-01 09:16 . 2011-09-01 09:16 -------- d-----w- c:\program files (x86)\BurnAware Free
2011-08-31 16:01 . 2011-08-31 16:01 -------- d-----w- c:\program files\CCleaner
2011-08-31 12:51 . 2011-08-31 12:51 -------- d-----w- c:\users\Nuova Vago\AppData\Roaming\Malwarebytes
2011-08-31 12:51 . 2011-08-31 12:51 -------- d-----w- c:\programdata\Malwarebytes
2011-08-31 12:51 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-31 12:50 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 12:50 . 2011-08-31 12:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-31 12:39 . 2011-08-31 12:39 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-08-31 07:48 . 2011-08-31 07:48 -------- d-----w- c:\program files\Recuva
2011-08-25 10:19 . 2011-08-25 10:19 -------- d-----w- c:\program files (x86)\7-Zip
2011-08-25 08:14 . 2011-08-31 13:29 -------- d-----w- C:\NewSFree
2011-08-25 08:06 . 2011-08-25 08:06 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-08-25 08:05 . 2011-08-25 08:05 -------- d-----w- c:\users\Nuova Vago\AppData\Local\Microsoft Help
2011-08-25 08:05 . 2011-08-25 08:06 -------- d-----w- c:\programdata\Microsoft Help
2011-08-25 08:01 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-25 07:47 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-25 07:47 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2011-07-30 08:44 . 2011-07-30 08:44 147456 ----a-r- c:\users\Nuova Vago\AppData\Roaming\Microsoft\Installer\{959FC708-635B-40DF-8A63-234A589B6C1E}\NewShortcut2_22A4F417E6C545538945423 345574E5B.exe
2011-07-30 08:44 . 2011-07-30 08:44 147456 ----a-r- c:\users\Nuova Vago\AppData\Roaming\Microsoft\Installer\{959FC708-635B-40DF-8A63-234A589B6C1E}\NewShortcut1_22A4F417E6C545538945423 345574E5B_1.exe
2011-07-30 08:44 . 2011-07-30 08:44 147456 ----a-r- c:\users\Nuova Vago\AppData\Roaming\Microsoft\Installer\{959FC708-635B-40DF-8A63-234A589B6C1E}\ARPPRODUCTICON.exe
2011-07-16 04:32 . 2011-08-25 08:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-04 11:43 . 2010-08-28 10:46 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-28 10:46 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:36 . 2010-08-28 10:46 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-28 10:46 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-28 10:46 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-28 10:46 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-28 10:46 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-11 02:56 . 2011-07-13 06:13 3134464 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\users\Nuova Vago\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3216975852-1230623304-3063015468-1001Core.job
- c:\users\Nuova Vago\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 10:40]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3216975852-1230623304-3063015468-1001UA.job
- c:\users\Nuova Vago\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-28 10:40]
.
2011-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"combofix"="c:\abc\CF3304.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0