ComboFix 13-04-10.01 - Giorgio 10/04/2013 7.23.27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1333 [GMT 2:00]
Eseguito da: c:\documents and settings\Giorgio\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Giorgio\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {00000002-0002-0000-3C24-9E7C08000A00}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
- MODALITÀ CON FUNZIONALITÀ RIDOTTE -
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-10 al 2013-04-10 )))))))))))))))))))))))))))))))))))
.
.
2013-04-09 19:49 . 2013-04-09 19:49 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-09 19:17 . 2013-04-09 19:17 -------- d-----w- c:\programmi\File comuni\Skype
2013-04-09 15:53 . 2013-04-09 15:53 -------- d-----w- C:\_OTL
2013-04-09 08:54 . 2013-04-09 09:39 -------- d-----w- c:\programmi\WhoCrashed
2013-04-08 10:59 . 2013-04-08 10:59 -------- d-----w- c:\documents and settings\Giorgio\Application Data\addpcs
2013-04-07 10:43 . 2013-04-07 10:43 -------- d-----w- c:\documents and settings\Giorgio\Application Data\Malwarebytes
2013-03-31 08:25 . 2013-03-31 08:25 -------- d-----w- C:\efe0b77fa8068f4a3b5245701a00bd56
2013-03-17 09:24 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-17 09:24 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-11 18:15 . 2013-03-11 18:15 -------- d-----w- c:\documents and settings\Giorgio\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-27 16:57 . 2012-10-17 17:23 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-27 16:57 . 2012-10-17 17:23 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-27 16:57 . 2012-10-17 17:23 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-16 17:57 . 2012-07-01 13:19 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 17:57 . 2011-12-01 16:22 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2010-10-18 10:04 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-19 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 00:47 . 2006-03-04 03:34 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-06 00:47 . 2004-08-19 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-06 00:47 . 2004-08-19 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-06 00:47 . 2004-08-19 12:00 17408 ------w- c:\windows\system32\corpol.dll
2013-01-26 03:55 . 2004-08-19 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2009-02-12 11:31 . 2009-02-12 11:32 9002496 -c--a-w- c:\programmi\Trust WB-1400T Webcam.msi
2013-03-09 10:12 . 2013-03-09 10:12 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Giorgio\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Giorgio\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Giorgio\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Giorgio\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2010-12-1 805392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giorgio^Menu Avvio^Programmi^Esecuzione automatica^Dropbox.lnk]
path=c:\documents and settings\Giorgio\Menu Avvio\Programmi\Esecuzione automatica\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-03-21 19:03 7557120 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-10-24 17:12 273528 ----a-w- c:\programmi\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YTBackup"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"SolidWorks Licensing Service"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Fax"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate1c9b9e112ab0db0"=2 (0x2)
"TeamViewer7"=2 (0x2)
"fsssvc"=3 (0x3)
"bepldr6PixelPlanetService"=3 (0x3)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WZCSVC"=2 (0x2)
"TapiSrv"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"ServiceLayer"=3 (0x3)
"RichVideo"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"MozillaMaintenance"=3 (0x3)
"mnmsrvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"ERSvc"=2 (0x2)
"BthServ"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"H/PC Connection Agent"="c:\programmi\Microsoft ActiveSync\wcescomm.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"
"IntelWireless"="c:\programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
"IntelZeroConfig"="c:\programmi\Intel\Wireless\bin\ZCfgSvc.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Yosemite\\Yosemite Backup\\v8.10-sp3a\\win\\x86\\ytwingqa.exe"=
"c:\\Programmi\\Yosemite\\Yosemite Backup\\v8.10-sp3a\\win\\x86\\ytwincsc.exe"=
"c:\\Programmi\\Yosemite\\Yosemite Backup\\v8.10-sp3a\\win\\x86\\ytwingad.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Delta Industrial Automation\\WPLSoft 2.11\\WPLSoft.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Programmi\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\File comuni\\XPressUpdate\\XPressUpdate.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Vodafone\\VodafoneStation2\\VodafoneStation2.exe"=
"c:\\Programmi\\Vodafone\\VodafoneStation2\\python\\win\\VFsocket.exe"=
"c:\\Documents and Settings\\Giorgio\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20006:UDP"= 20006:UDP:WPLSoft Ethernet Tool
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
"990:TCP"= 990:TCP:samsung
"14955:TCP"= 14955:TCP:*:Disabled:µTorrent
"50000:TCP"= 50000:TCP:utorrent
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [17/10/2012 19.23.43 37352]
R1 PLCHW;PLCHW;c:\windows\system32\drivers\plchw.sys [20/12/2010 10.43.12 44368]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [17/10/2012 19.23.47 86752]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe [07/07/2004 12.17.02 200769]
S2 KeyP;KeyP;c:\windows\system32\drivers\KeyP.sys [03/12/2002 21.55.31 14232]
S2 RDXmon;RDXmon 1.12;c:\programmi\RD1000\Service\RDXmon.exe [13/09/2006 13.57.22 45056]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [28/02/2013 18.45.16 161384]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 20.19.58 13592]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/07/2010 10.18.45 47360]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [26/03/2012 23.23.28 25088]
S4 bepldr6PixelPlanetService;PixelPlanet easyPDF SDK 6 Loader;c:\programmi\File comuni\BCL Technologies\PixelPlanet6\bepldr.exe [05/10/2009 18.04.12 172032]
S4 gupdate1c9b9e112ab0db0;Google Update Service (gupdate1c9b9e112ab0db0);c:\programmi\Google\Update\GoogleUpdate.exe [10/04/2009 15.34.28 133104]
S4 TeamViewer7;TeamViewer 7;c:\programmi\TeamViewer\Version7\TeamViewer_Service.exe [26/03/2012 23.23.27 2886528]
S4 YTBackup;Yosemite Backup;c:\programmi\Yosemite\Yosemite Backup\v8.10-sp3a\win\x86\ytwinsdr.exe [02/12/2007 19.28.17 188416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-31 18:49 1642448 ----a-w- c:\programmi\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2007-12-21 13:17]
.
2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 17:57]
.
2013-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-10 13:34]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-10 13:34]
.
2013-04-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
2013-04-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3066020028-1826277225-4034825517-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
2013-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3066020028-1826277225-4034825517-1005.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{2655641F-43C8-4544-8DAE-A28356CBFC25}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{454B2BAF-668B-45FB-AC58-D02785F626CD}: NameServer = 212.216.112.112,192.168.1.1
DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} - hxxp://www.partserver.com/partserver/viewer/cnsweb3d/cnsweb3d.cab
DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} - file://c:\programmi\AutoCAD LT 2000i Ita\InstFred.ocx
FF - ProfilePath - c:\documents and settings\Giorgio\Application Data\Mozilla\Firefox\Profiles\ns4t9sb7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-10 07:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
c:\programmi\file comuni\logitech\bluetooth\LBTServ.dll
.
Ora fine scansione: 2013-04-10 07:32:21
ComboFix-quarantined-files.txt 2013-04-10 05:32
ComboFix2.txt 2013-04-09 21:17
ComboFix3.txt 2011-02-14 19:36
ComboFix4.txt 2010-03-18 09:25
.
Pre-Run: 31.390.212.096 byte disponibili
Post-Run: 31.373.049.856 byte disponibili
.
- - End Of File - - E10CB153FAEC60846206D9B9735612F6