Now I deleted AVG and Mozilla Firefox and ran ComboFix.
Thank you in advance for your help.
This is the log:
ComboFix 13-12-13.01 - home 16/12/2013 12.22.04.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1013.440 [GMT 1:00]
Eseguito da: F:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-11-16 al 2013-12-16 )))))))))))))))))))))))))))))))))))
.
.
2013-12-19 18:38 . 2013-12-19 18:38 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2013-12-19 18:37 . 2013-12-19 18:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-12-17 12:19 . 2013-12-17 12:19 -------- d-----w- c:\documents and settings\home\Dati applicazioni\Canon
2013-12-17 12:11 . 2013-12-17 12:11 -------- d-----w- c:\documents and settings\home\Impostazioni locali\Dati applicazioni\CANON_INC
2013-12-17 12:03 . 2013-12-17 12:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2013-12-17 12:02 . 2013-12-17 12:04 -------- d-----w- c:\programmi\Canon
2013-12-17 11:53 . 2013-12-17 11:53 -------- d-----w- c:\programmi\File comuni\Canon
2013-12-17 10:57 . 2001-08-30 22:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-12-17 10:57 . 2008-04-13 18:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-12-16 10:47 . 2013-12-16 10:47 -------- d-----w- c:\documents and settings\home\Impostazioni locali\Dati applicazioni\cache
2013-12-16 10:47 . 2013-12-16 11:12 -------- d-----w- c:\documents and settings\home\Impostazioni locali\Dati applicazioni\Mobogenie
2013-12-16 10:47 . 2013-12-16 10:47 -------- d-----w- C:\Users
2013-12-16 10:47 . 2013-12-16 10:47 -------- d-----w- c:\programmi\DivX
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\home\Dati applicazioni\0D0S1L2Z1P1B0T1P1B2Z
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\programmi\Lame For Audacity
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2013-12-16 10:46 . 2013-12-16 11:10 -------- d-----w- c:\programmi\Haali
2013-12-16 10:46 . 2013-12-16 11:08 -------- d-----w- c:\programmi\DSP-worx
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\home\Dati applicazioni\LavFilters
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\home\Dati applicazioni\CDXReader
2013-12-16 10:44 . 2013-12-16 11:16 -------- d-----w- c:\documents and settings\home\Dati applicazioni\mysearchdial
2013-11-17 15:30 . 2013-11-17 15:30 -------- d-----w- c:\programmi\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-08 10:10 . 2012-12-13 09:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-10-31 09:49 . 2012-12-16 17:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}"= "c:\programmi\MoreFunGames\prxtbMor0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
2013-11-06 11:59 226592 ----a-w- c:\programmi\MoreFunGames\prxtbMor0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}"= "c:\programmi\MoreFunGames\prxtbMor0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B5B901E2-6E04-4B31-BD54-3FFB8264DFDA}"= "c:\programmi\MoreFunGames\prxtbMor0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Del1445609"="del" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"7736:TCP"= 7736:TCP:BitComet 7736 TCP
"7736:UDP"= 7736:UDP:BitComet 7736 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 3.48.52 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 3.46.00 245048]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 3.46.06 182072]
R2 AUS;Auto Update Service;c:\programmi\lsm\aus.exe [07/07/2013 18.11.40 287744]
R2 IduService;Intel(R) Desktop Utilities Service;c:\programmi\Intel\Intel Desktop Utilities\iduServ.exe [11/01/2010 0.05.10 131248]
R2 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13.00.00 14336]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20.31.04 38608]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\programmi\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [05/01/2012 16.42.34 75624]
S2 Log S.M.;Log Session Manager;c:\programmi\lsm\LSM.exe [07/07/2013 18.11.40 425984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-16 09:49]
.
2013-12-16 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-1677128483-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-12-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-1677128483-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=ds ... 687782&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ds ... 687782&ir=
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-16 12:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2013-12-16 12:26:40
ComboFix-quarantined-files.txt 2013-12-16 11:26
ComboFix2.txt 2013-12-16 11:02
ComboFix3.txt 2013-11-24 10:31
ComboFix4.txt 2013-11-17 16:24
.
Pre-Run: 131.778.342.912 byte disponibili
Post-Run: 131.784.867.840 byte disponibili
.
- - End Of File - - 3D164ABD572368A187CFC0D1BE926189
828E02D5C4A4FBE53441EE9DBEE51F43