searchqu report di combofix

[michefra]

qui il link a wikisend per il report di combofix:
logotext.txt

eventualmente lo posto anche sotto per intero
vi prego aiutatemi perchè non ne posso più di questo searchqu!!!(che sia maledetto)
grazie

ComboFix 11-09-28.01 - Patrizia 28/09/2011 20.34.00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.3062.1421 [GMT 2:00]
Eseguito da: c:\users\Desktop\ComboFix.exe
.
.
((((( Altre eliminazioni
.
.
c:\users\AppData\Roaming\Buesdo
c:\users\AppData\Roaming\Buesdo\saly.yfa
c:\users\AppData\Roaming\OfferBox
c:\users\AppData\Roaming\OfferBox\config.dat
c:\users\AppData\Roaming\OfferBox\config.xml
c:\users\Documents\foo3676704198799423680.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\comct332.ocx
.
.
((((((((( Files Creati Da 2011-08-28 al 2011-09-28
.
.
2011-09-28 18:41 . 2011-09-28 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
((( Find3M Report )
.
2011-09-06 20:45 . 2011-03-29 19:32 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-03-29 19:32 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-29 19:32 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2011-03-29 19:32 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-03-29 19:32 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-03-29 19:32 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-03-29 19:32 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-03-29 19:32 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-02 06:13 . 2011-06-23 18:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-02 09:44 . 2011-07-02 09:44 114 ----a-w- c:\users\Patrizia\AppData\Local\GLF275.tmp
.
.
((((( Punti Reg Caricati )))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-03-27 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"recinfo479"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" [2010-02-22 406992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-02-11 133656]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Patrizia\AppData\Roaming\Microsoft\Window s\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2010-10-18 41051]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datam ngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon .exe [2008-01-14 81920]
R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA32.sy s [2007-04-26 86784]
R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP32.sys [2007-05-09 28928]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-10-17 20549]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2011-09-06 54616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 00:25]
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 00:25]
.
2011-09-28 c:\windows\Tasks\User_Feed_Synchronization-{1BC0CC98-8EDA-42F7-860B-701EEF0EA750}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE: Free YouTube to MP3 Converter - c:\users\Patrizia\AppData\Roaming\DVDVideoSoftIEHe lpers\freeyoutubetomp3converter.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 212.216.112.112 212.216.172.62
TCP: Interfaces\{AB4DE54D-7F8C-4DE2-8B91-68BD6ACFE72D}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Patrizia\AppData\Roaming\Mozilla\Firefox\ Profiles\9t1zbhzd.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=
FF - prefs.js: network.proxy.type - 1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe
HKLM-Run-Wbutton - c:\program files\Launch Manager\WButton.exe
HKLM-Run-toolbar_eula_launcher - c:\tb_eula\EULALauncher.NET.exe
AddRemove-Notepad++ - f:\notepad++\uninstall.exe
.
.
.
******
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-28 20:42
Windows 6.0.6000 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H?>???????>??2>????w?????? ??????0???<???????|??????w???w????3 ?w!??w??????>???>???????F?L???~zpv??>???????>????? +?A???>?????J?A??5?h??????????F?$l@?`???????????? A????h????J?A?[?@???>??v@???>??5?h??@???>????
LaunchAp = c:\program files\Launch Manager\LaunchAp.exe????H?>???????>??2>????w?????? ??????0???<???????|??????w???w????3 ?w!??w??????>???>???????F?L???~zpv??>???????>????? +?A???>?????J?A??5?h??????????F?$l@?`???????????? A????h????J?A?[?@???>??v@???>??5?h??@???>????
Wbutton = c:\program files\Launch Manager\WButton.exe?????H?>???????>??2>????w?????? ??????0???<???????|??????w???w????3 ?w!??w??????>???>???????F?L???~zpv??>???????>????? +?A???>?????J?A??5?h??????????F?$l@?`???????????? A????h????J?A?[?@???>??v@???>??5?h??@???>????
.
Scansione files nascosti ...
.
.
C:\## aswSnx private storage
.
Scansione completata con successo
Files nascosti: 1
.
**********
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M ySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2011-09-28 20:44:54
ComboFix-quarantined-files.txt 2011-09-28 18:44
.
Pre-Run: 23.490.383.872 byte disponibili
Post-Run: 25.074.106.368 byte disponibili
.
- - End Of File - - AD03BF07B970FCF6AF13DD453E2356D4

[menatwork]

ciao

prova ad andare su strumenti -> opzioni internet -> scheda generale e vedi cosa e' scritto accanto a indirizzo, cambialo con la tua home page

posta anche un log di hijackthis

[menatwork]

appena terminati i controlli che ti ho chiesto dovremo fare altre eliminazioni dal log combofix

a dopo

[michefra]

scusa l'ignoranza come faccio a postarti il log di HijackThis?

[michefra]

[?] - Eseguito da: c:\users\Patrizia\Desktop\ComboFix.exe
[?] - c:\users\Patrizia\AppData\Roaming\OfferBox\config. dat
[?] - 2011-09-06 20:45 . 2011-03-29 19:32 41184 ----a-w- c:\windows\avastSS.scr
[?] - 2011-09-06 20:45 . 2011-03-29 19:32 199304 ----a-w- c:\windows\system32\aswBoot.exe
[?] - 2011-09-06 20:38 . 2011-03-29 19:32 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
[?] - 2011-09-06 20:37 . 2011-03-29 19:32 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
[?] - 2011-09-06 20:36 . 2011-03-29 19:32 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
[?] - 2011-09-06 20:36 . 2011-03-29 19:32 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
[?] - 2011-09-06 20:36 . 2011-03-29 19:32 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
[?] - 2011-09-06 20:36 . 2011-03-29 19:32 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
[?] - 2011-07-02 09:44 . 2011-07-02 09:44 114 ----a-w- c:\users\Patrizia\AppData\Local\GLF275.tmp
[X] - [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
[?] - 2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
[?] - "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
[?] - "recinfo479"="c:\recinfo\RecInfo.exe" [2007-06-06 2768896]
[?] - "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2010-03-06 500208]
[?] - "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
[?] - "AppInit_DLLs"=c:\progra~1\WI371A~1\Datamngr\datam ngr.dll c:\progra~1\WI371A~1\Datamngr\IEBHO.dll c:\progra~1\Bandoo\BndHook.dll
[?] - R3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA32.sy s [2007-04-26 86784]
[?] - R3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP32.sys [2007-05-09 28928]
[?] - S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
[?] - S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2011-09-06 54616]
[?] - HKLM-Run-toolbar_eula_launcher - c:\tb_eula\EULALauncher.NET.exe

[menatwork]

michefra non devi postare combofix ma hijackthis

scaricalo da qui lancia il programma cliccando l’eseguibile e avvia la scansione, scegliendo la voce "Do a system scan and save a logfile"

Ricordati di mettere HIJACKTHIS in una cartella a lui dedicata (in Programmi o Documenti), l'importante è che non si trovi sul desktop o in cartelle temporanee è importante se vuoi salvare i backup

Posta il log che ti rilascia

[michefra]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.59.00, on 29/09/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [recinfo479] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" -launchedbylogin
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O9 - Extra button: Libro dei ritagli HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Selezione intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...PUpldit-it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB4DE54D-7F8C-4DE2-8B91-68BD6ACFE72D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\cdrom_mon.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Apache Tomcat 6 (Tomcat6) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\ACFXAU32.exe

--
End of file - 8481 bytes

[menatwork]

Ora apri una pagina del blocco note e copia incolla quanto segue

File::
c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys
c:\progra~1\Bandoo\BndHook.dll
c:\progra~1\WI371A~1\Datamngr\datamngr.dll
c:\progra~1\WI371A~1\Datamngr\IEBHO.dll


Folder::
c:\program files\Enigma Software Group\SpyHunter
c:\progra~1\Bandoo

Driver::
esgiguard

Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: browser.search.selectedEngine - Search Results

salva la pagina nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
non toccare niente mentre lavora nemmeno mouse e tastiera
lascialo lavorare fino alla fine e riposta il suo log

appena combofix finisce la scansione recupera il log e postalo subito

Poi.....


Apri HiJackThis
Clicca Do a scan only
Metti la spunta a fianco delle righe che ti segnalo qui sotto
Clicca su Fix Checked



O20 - AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll c:\progra~1\bandoo\bndhook.dll

O23 - Service: Bandoo Coordinator - Bandoo Media Inc. - C:\PROGRA~1\Bandoo\Bandoo.exe

se la voce 023 non va via dopo eliminiamo il servizio in un altro modo

[michefra]

ComboFix.txt

[menatwork]

il problema Searchqu persiste o e' risolto? semmai facciamo un altro controllo

posta un log aggiornato di hijackthis