Finalmente è partito ComboFix, copio e incollo il log (nota del revisore: ComboFix ha rimosso le voci elencate sotto "Altre eliminazioni" e "Chiavi orfane rimosse", ma il log mostra ancora elementi sospetti che non risultano rimossi — il BHO che carica c:\windows\System32\632213ba.dll, gli eseguibili con nome casuale 9d8180cb.exe e ywnmlbojlkynqyqs.exe in system32, il componente Firefox e77440cc.dll, il proxy utente impostato su 127.0.0.1:5555 e la voce "[0] 0x6174616E" nella scansione dei processi nascosti — che andrebbero verificati prima di considerare il sistema pulito):
ComboFix 10-05-27.03 - Luca 28/05/2010 14.36.07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.2018 [GMT 2:00]
Eseguito da: c:\users\Luca\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\HotbarSA
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Games!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Luca\AppData\Local\owkdanxlx
c:\users\Luca\AppData\Local\owkdanxlx\ieskswctssd.exe
c:\users\Luca\AppData\Roaming\.#
c:\users\Luca\AppData\Roaming\Hotbar
c:\users\Luca\AppData\Roaming\WeatherDPA
c:\windows\system32\key
c:\windows\system32\key\Rarreg.key
.
((((((((((((((((((((((((( Files Creati Da 2010-04-28 al 2010-05-28 )))))))))))))))))))))))))))))))))))
.
2010-05-28 12:42 . 2010-05-28 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-27 22:28 . 2010-05-27 22:28 -------- d-----w- c:\windows\Sun
2010-05-27 22:27 . 2010-05-27 22:27 105388 ----a-w- c:\windows\system32\9d8180cb.exe
2010-05-27 22:27 . 2010-05-27 22:27 50992 ----a-w- c:\windows\system32\ywnmlbojlkynqyqs.exe
2010-05-26 22:17 . 2010-05-26 22:17 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-26 22:17 . 2010-05-26 22:17 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-26 22:17 . 2010-05-26 22:17 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-26 22:17 . 2010-05-26 22:17 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-26 22:17 . 2010-05-26 22:17 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-26 22:17 . 2010-05-26 22:17 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-26 22:17 . 2010-05-26 22:17 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-26 22:17 . 2010-05-26 22:17 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-26 22:17 . 2010-05-26 22:17 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-26 22:16 . 2010-05-26 22:16 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-26 12:40 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-21 17:21 . 2010-05-21 17:21 1522688 ----a-w- c:\windows\system32\632213ba.dll
2010-05-21 09:58 . 2010-05-21 09:58 -------- d-----w- c:\temp\04H43FEP
2010-05-17 14:50 . 2010-05-17 14:50 -------- d-----w- c:\program files\Adobe Media Player
2010-05-17 14:47 . 2010-05-17 14:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-12 20:00 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-09 10:12 . 2010-05-09 10:12 -------- d-----w- c:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-28 11:48 . 2009-02-25 08:42 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-05-28 11:48 . 2009-02-25 08:42 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-05-27 09:39 . 2010-01-23 09:13 7160 ----a-w- c:\users\Luca\AppData\Local\d3d9caps.dat
2010-05-26 22:33 . 2010-03-14 19:55 -------- d-----w- c:\users\Luca\AppData\Roaming\vlc
2010-05-26 22:17 . 2010-02-12 17:03 -------- d-----w- c:\program files\Common Files\Real
2010-05-26 22:16 . 2010-02-12 17:03 -------- d-----w- c:\program files\Real
2010-05-25 16:15 . 2010-04-12 21:26 -------- d-----w- c:\users\Luca\AppData\Roaming\dvdcss
2010-05-22 17:51 . 2010-03-12 17:15 443912 ----a-w- c:\users\Luca\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-17 15:00 . 2010-01-06 09:42 -------- d-----w- c:\programdata\FLEXnet
2010-05-17 14:59 . 2010-01-05 17:03 133992 ----a-w- c:\users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-17 14:52 . 2009-02-25 01:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-14 22:01 . 2010-01-04 17:56 -------- d-----w- c:\users\Luca\AppData\Roaming\skypePM
2010-05-14 22:01 . 2010-01-04 17:53 -------- d-----w- c:\users\Luca\AppData\Roaming\Skype
2010-05-12 22:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 21:59 . 2009-02-25 01:05 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2010-02-12 18:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-24 16:33 . 2010-01-09 22:34 -------- d-----w- c:\program files\Common Files\Java
2010-04-24 16:32 . 2010-04-24 16:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-24 16:31 . 2010-01-09 22:34 -------- d-----w- c:\program files\Java
2010-04-18 22:02 . 2010-04-18 22:02 -------- d-----w- c:\users\Luca\AppData\Roaming\Nik Software
2010-04-10 12:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-04-10 12:17 . 2010-04-10 12:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-04-01 17:28 . 2010-04-01 17:26 102 ----a-w- c:\users\Luca\AppData\Roaming\wklnhst.dat
2010-04-01 17:27 . 2010-04-01 17:27 -------- d-----w- c:\users\Luca\AppData\Roaming\Template
2010-03-21 17:41 . 2010-03-21 17:41 118784 ----a-w- c:\users\Luca\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-14 21:35 . 2010-03-14 18:17 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-05 14:01 . 2010-04-16 16:12 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-15 12:21 . 2010-02-15 12:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42580f7c-0fb6-a051-4b0f-e3fdba39597d}]
2010-05-21 17:21 1522688 ----a-w- c:\windows\System32\632213ba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-10 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-15 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
c:\users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Server di rete.lnk - c:\program files\WIBUKEY\Server\WkSvMgr.exe [2010-3-3 3768320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):40,d0,fb,4f,9b,97,ca,01
R2 gupdate1ca8d66d80f7240;Servizio di Google Update (gupdate1ca8d66d80f7240);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-15 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 17:53]
2010-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-04 17:53]
2010-05-28 c:\windows\Tasks\User_Feed_Synchronization-{14755AAA-5C3F-4623-BEF1-A98D3FB45564}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0809&m=aspire_5738
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0809&m=aspire_5738
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {C50B5E64-FEB9-43A5-8D7F-A5168348F856} = 213.140.2.12,213.140.2.21
FF - ProfilePath - c:\users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\y5pn9kho.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{7369188f-3091-84f6-f155-0b251a54d4a3}\components\e77440cc.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-usfashvi - c:\users\Luca\AppData\Local\owkdanxlx\ieskswctssd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-28 14:42
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
[0] 0x6174616E
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-05-28 14:45:09
ComboFix-quarantined-files.txt 2010-05-28 12:45
Pre-Run: 186.284.535.808 byte disponibili
Post-Run: 185.996.107.776 byte disponibili
- - End Of File - - E8F41F1F15E8D2466F0BCC1D11FBDDF9