ComboFix 13-06-25.01 - alex 26/06/2013 9.44.09.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3018.2122 [GMT 2:00]
Eseguito da: c:\documents and settings\alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\alex\Dati applicazioni\tce_acuthin.exe
c:\documents and settings\alex\Menu Avvio\Internet Explorer.lnk
c:\programmi\WinRAR\Leggimi.Txt
c:\programmi\WinRAR\Leggimi_1a.Txt
c:\programmi\WinRAR\Licenza.Txt
c:\programmi\WinRAR\NoteTecniche.Txt
c:\programmi\WinRAR\Ordin.htm
c:\programmi\WinRAR\Ordina.htm
c:\programmi\WinRAR\SorgUnRAR.Txt
.
.
((((((((((((((((((((((((( Files Creati Da 2013-05-26 al 2013-06-26 )))))))))))))))))))))))))))))))))))
.
.
2013-06-26 07:40 . 2013-06-26 07:40 29904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{A08C43C6-50D1-4F5F-9C60-F7EF8F07DAF4}\MpKsl5d1f5f37.sys
2013-06-26 06:57 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{A08C43C6-50D1-4F5F-9C60-F7EF8F07DAF4}\mpengine.dll
2013-06-25 10:11 . 2013-06-25 10:11 -------- d-----w- c:\documents and settings\alex\Dati applicazioni\LavasoftStatistics
2013-06-25 10:11 . 2013-06-25 10:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ad-Aware Antivirus
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2013-06-25 10:03 . 2013-06-25 10:11 -------- d-----w- c:\programmi\Ad-Aware Antivirus
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\documents and settings\alex\Impostazioni locali\Dati applicazioni\adawarebp
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Downloaded Installations
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\blekko toolbars
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Ad-Aware Browsing Protection
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\programmi\adawaretb
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\documents and settings\alex\Dati applicazioni\adawaretb
2013-06-25 10:03 . 2013-06-25 10:03 -------- d-----w- c:\programmi\Toolbar Cleaner
2013-06-25 10:01 . 2013-06-25 10:01 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-06-25 10:01 . 2013-06-25 10:01 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-25 10:01 . 2013-06-26 07:42 -------- d-----w- c:\documents and settings\alex\Dati applicazioni\Ad-Aware Antivirus
2013-06-25 06:46 . 2008-04-13 09:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2013-06-24 07:07 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-18 14:54 . 2013-06-18 14:54 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2013-06-17 16:26 . 2013-06-17 16:26 -------- d-----w- C:\$GISFFPdownload$
2013-06-11 17:38 . 2013-06-11 17:38 -------- d-----w- C:\ConTeTs
2013-06-05 17:03 . 2013-06-05 17:03 -------- d-----w- c:\windows\system32\ABCpdf6
2013-06-05 17:03 . 2013-06-05 17:03 -------- d-----w- c:\programmi\WebSupergoo
2013-06-05 16:54 . 2013-06-05 16:54 -------- d-----w- c:\windows\system32\Extensions
2013-06-05 16:54 . 2013-06-05 16:54 -------- d-----w- c:\windows\system32\searchplugins
2013-06-05 16:53 . 2013-06-05 16:53 -------- d-----w- c:\documents and settings\alex\Dati applicazioni\Zip Opener Packages
2013-06-05 16:53 . 2013-06-05 16:53 69632 ----a-r- c:\documents and settings\alex\Dati applicazioni\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
2013-06-05 16:53 . 2013-06-05 16:53 49152 ----a-r- c:\documents and settings\alex\Dati applicazioni\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-06-05 16:53 . 2013-06-05 16:53 -------- d-----w- c:\documents and settings\alex\Impostazioni locali\Dati applicazioni\Downloaded Installations
2013-06-05 16:52 . 2013-06-05 16:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2013-06-05 16:52 . 2013-06-05 16:52 -------- d-----w- c:\documents and settings\alex\Dati applicazioni\Babylon
2013-06-05 16:52 . 2013-06-05 16:52 -------- d-----w- c:\documents and settings\alex\Dati applicazioni\DSite
2013-06-05 16:52 . 2013-06-05 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Tarma Installer
2013-05-29 16:50 . 2013-05-29 16:50 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 09:29 . 2013-05-03 08:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 09:29 . 2013-05-03 08:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-17 16:15 . 2013-04-23 09:16 357888 ----a-w- c:\windows\system32\gisadmin.exe
2013-05-07 22:27 . 2004-08-19 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27 . 2004-08-19 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27 . 2004-08-19 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2004-08-19 15:34 2032128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-03 05:39 . 2004-08-19 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 15:28 . 2013-04-23 09:58 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 10:00 . 2013-04-23 10:00 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 10:00 . 2013-04-23 10:00 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-23 10:00 . 2013-04-23 10:00 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-23 10:00 . 2013-04-23 09:47 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-12 14:00 . 2004-08-19 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\alex\Dati applicazioni\uTorrent\uTorrent.exe" [2013-05-10 1044560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\programmi\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-04 19580520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-18 142360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-18 176152]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-18 145944]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Dati applicazioni\Ad-Aware Browsing Protection\adawarebp.exe" [2013-05-15 554408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
c:\documents and settings\alex\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.4.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Ranocchi - Avvio Automatico GIS.lnk - c:\gidesk\Gis\System\GiDeskStart\GiDeskStart.exe [2013-5-24 27648]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\alex\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R1 MpKsl5d1f5f37;MpKsl5d1f5f37;c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{A08C43C6-50D1-4F5F-9C60-F7EF8F07DAF4}\MpKsl5d1f5f37.sys [26/06/2013 9.40.59 29904]
R2 Ad-Aware Service;Ad-Aware Service;c:\programmi\Ad-Aware Antivirus\AdAwareService.exe [13/06/2013 2.27.38 1236336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [22/04/2013 17.48.54 87712]
R2 TeamViewer8;TeamViewer 8;c:\programmi\TeamViewer\Version8\TeamViewer_Service.exe [06/05/2013 11.36.52 4150112]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [22/04/2013 17.51.34 2656280]
R3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [22/04/2013 17.50.05 260864]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [22/04/2013 17.51.32 41088]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [25/06/2013 12.01.14 13560]
S2 SBAMSvc;Ad-Aware;c:\programmi\Ad-Aware Antivirus\SBAMSvc.exe [20/09/2012 5.39.12 3677000]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/04/2013 17.45.43 1691480]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - AD-AWARE_SERVICE
*NewlyCreated* - MPKSL5D1F5F37
*NewlyCreated* - SBAMSVC
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-06-26 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2013-06-13 00:27]
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-03 09:29]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-05-06 15:29]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-05-06 15:29]
.
2013-06-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
2013-06-25 c:\windows\Tasks\User_Feed_Synchronization-{94280300-FF18-49EF-B21E-E309B7B2ECD5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: Interfaces\{526E315D-97F3-489F-B791-B830DFB315FD}: NameServer = 192.168.2.2,8.8.8.8
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
HKLM-Run-SunJavaUpdateSched - c:\programmi\Java\jre7\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-26 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2013-06-26 09:49:08
ComboFix-quarantined-files.txt 2013-06-26 07:48
.
Pre-Run: 472.857.423.872 byte disponibili
Post-Run: 473.196.023.808 byte disponibili
.
- - End Of File - - CDD45909FB4C3BC82BFE1B6B5C0709BB 828E02D5C4A4FBE53441EE9DBEE51F43