ComboFix 12-11-29.01 - Utente 29/11/2012 10.56.26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.316 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente\Documenti\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Utente\Dati applicazioni\Toolbar4
c:\documents and settings\Utente\WINDOWS
c:\programmi\DealPly
c:\programmi\DealPly\DealPly.crx
c:\programmi\DealPly\DealPlyIE.dll
c:\programmi\DealPly\DealPlyUpdate.exe
c:\programmi\DealPly\DealPlyUpdateRun.exe
c:\programmi\DealPly\icon.ico
c:\windows\IsUn0410.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6e0c62658803795b.fb
c:\windows\system32\Cache\7b892fead523e4b7.fb
c:\windows\system32\Cache\7d1cff1061f19f8f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\sqlite3.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-28 al 2012-11-29 )))))))))))))))))))))))))))))))))))
.
.
2012-11-29 09:12 . 2012-11-29 09:13 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\GetRightToGo
2012-11-25 21:01 . 2012-11-25 21:01 -------- d-----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google
2012-11-25 20:48 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-11-25 20:46 . 2012-11-25 20:46 -------- d-----w- c:\programmi\Windows Media Connect 2
2012-11-25 20:45 . 2009-01-30 19:33 276992 ------w- c:\windows\system32\audiodev.dll
2012-11-25 20:44 . 2012-11-25 20:45 -------- d-----w- c:\windows\system32\drivers\UMDF
2012-11-25 20:44 . 2012-11-25 20:44 -------- d-----w- c:\windows\system32\LogFiles
2012-11-25 20:16 . 2012-11-25 20:16 -------- d-----w- c:\windows\system32\Adobe
2012-11-25 18:44 . 2012-11-25 18:44 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Qualys
2012-11-25 17:49 . 2012-11-20 06:17 262112 ----a-w- c:\programmi\Mozilla Firefox\components\browsercomps.dll
2012-11-25 17:49 . 2012-11-20 06:16 96224 ----a-w- c:\programmi\Mozilla Firefox\webapprt-stub.exe
2012-11-25 17:49 . 2012-11-20 06:16 157272 ----a-w- c:\programmi\Mozilla Firefox\webapp-uninstaller.exe
2012-11-25 17:49 . 2012-11-20 06:16 73696 ----a-w- c:\programmi\Mozilla Firefox\breakpadinjector.dll
2012-11-08 21:51 . 2012-11-08 21:51 -------- d-----w- c:\programmi\Google
2012-11-08 21:46 . 2012-11-08 21:46 -------- d-----w- c:\programmi\Microsoft.NET
2012-11-05 14:23 . 2012-11-05 14:23 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Motive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-27 08:13 . 2012-06-09 13:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-27 08:13 . 2012-06-09 13:10 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 19:56 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-22 12:02 . 2011-12-23 11:32 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 02:48 . 2012-04-19 02:50 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-05 02:32 . 2011-08-08 04:08 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 18:04 . 2008-04-14 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-02 01:30 . 2011-10-07 04:23 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 01:46 . 2011-07-10 23:14 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 01:46 . 2012-08-09 11:56 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 01:45 . 2011-12-23 11:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-14 01:05 . 2011-09-13 04:30 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-11-20 06:17 . 2012-11-25 17:49 262112 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"="LTMSG.exe 7" [X]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"AVG_UI"="c:\programmi\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\Utente\Dati applicazioni\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.4.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Utente^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2012-06-06 11:38 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 12:44 196608 ----a-w- c:\programmi\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 13:24 458752 ----a-w- c:\programmi\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 13:14 217088 ----a-w- c:\programmi\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Utente\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 3.50.26 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 12.56.44 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 5.30.10 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12.32.00 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12.32.08 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 5.23.48 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 0.14.38 164832]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2013\avgwdsvc.exe [22/10/2012 13.05.08 196664]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2013\avgidsagent.exe [06/11/2012 19.00.04 5814392]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 12.28.36 160944]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 08:13]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1659004503-1801674531-1004Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-09-18 08:11]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1659004503-1801674531-1004UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-09-18 08:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\rfugiech.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT28516 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - ExtSQL: 2012-10-21 14:20; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\rfugiech.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF - ExtSQL: 2012-10-21 20:55; {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}; c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\rfugiech.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}
FF - ExtSQL: 2012-11-25 19:43; {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}; c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\rfugiech.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0410.EXE
AddRemove-lollipop - c:\documents and settings\utente\impostazioni locali\dati applicazioni\lollipop\lollipop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-29 11:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2012-11-29 11:05:15
ComboFix-quarantined-files.txt 2012-11-29 10:05
.
Pre-Run: 100.942.852.096 byte disponibili
Post-Run: 100.953.157.632 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 3012A509A523335D27C56A4E62C79036