ComboFix 09-01-19.05 - EddyFede 2009-01-20 14.06.31.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1040.18.1023.607 [GMT 1:00]
Eseguito da: c:\documents and settings\EddyFede\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
 * Creato nuovo punto di ripristino
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmi\gPhotoShow Toolbar\v3.2.0.0\gPhotoShow_Toolbar.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
L:\autorun.inf
.
(((((((((((((((((((((((((   Files Creati Da 2008-12-20 al 2009-01-20  )))))))))))))))))))))))))))))))))))
.
2009-01-20 13:10 . 2009-01-18 16:51	<DIR>	d--h-----	c:\documents and settings\Administrator\Risorse di stampa
2009-01-20 13:10 . 2009-01-18 16:51	<DIR>	d--h-----	c:\documents and settings\Administrator\Risorse di rete
2009-01-20 13:10 . 2009-01-18 16:51	<DIR>	d--------	c:\documents and settings\Administrator\Preferiti
2009-01-20 13:10 . 2009-01-18 16:00	<DIR>	d--h-----	c:\documents and settings\Administrator\Modelli
2009-01-20 13:10 . 2009-01-18 16:51	<DIR>	dr-------	c:\documents and settings\Administrator\Menu Avvio
2009-01-20 13:10 . 2009-01-20 14:07	<DIR>	d--h-----	c:\documents and settings\Administrator\Impostazioni locali
2009-01-20 13:10 . 2009-01-18 16:51	<DIR>	d--------	c:\documents and settings\Administrator\Documenti
2009-01-20 13:10 . 2009-01-18 16:51	<DIR>	dr-h-----	c:\documents and settings\Administrator\Dati applicazioni
2009-01-20 13:10 . 2009-01-20 13:10	<DIR>	d--------	c:\documents and settings\Administrator
2009-01-20 13:04 . 2009-01-20 10:44	66,048	--a------	C:\mbr.exe
2009-01-20 12:58 . 2009-01-20 12:58	<DIR>	d--------	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Office Genuine Advantage
2009-01-20 11:30 . 2009-01-20 11:30	6,616	--a------	C:\hlvthhm.exe
2009-01-20 11:30 . 2009-01-20 11:30	0	--a------	C:\pvbjtljq.exe
2009-01-20 11:29 . 2009-01-20 11:29	16,901	--a------	C:\wpthn.exe
2009-01-20 11:28 . 2009-01-20 11:28	9,728	--a------	c:\windows\system32\sd4.exe
2009-01-19 14:24 . 2009-01-19 14:24	<DIR>	d--h-----	c:\programmi\InstallShield Installation Information
2009-01-19 14:24 . 2009-01-19 14:24	<DIR>	d--------	c:\programmi\File comuni\InstallShield
2009-01-18 22:17 . 2009-01-20 10:23	<DIR>	d--h-----	C:\$AVG8.VAULT$
2009-01-18 19:21 . 2009-01-18 22:14	<DIR>	d--------	c:\windows\system32\Lang
2009-01-18 19:21 . 2009-01-18 19:21	64	--a------	c:\windows\RTHDCPL_DB.dbt
2009-01-18 18:51 . 2009-01-18 18:56	664	--a------	c:\windows\system32\d3d9caps.dat
2009-01-18 18:47 . 2009-01-18 18:47	<DIR>	d--------	c:\programmi\Sun
2009-01-18 18:47 . 2009-01-18 18:47	410,984	--a------	c:\windows\system32\deploytk.dll
2009-01-18 18:47 . 2009-01-18 18:47	73,728	--a------	c:\windows\system32\javacpl.cpl
2009-01-18 18:46 . 2009-01-18 18:47	<DIR>	d--------	c:\programmi\Java
2009-01-18 18:44 . 2009-01-19 14:24	<DIR>	d--------	C:\pnp
2009-01-18 18:44 . 2008-04-13 20:19	146,048	--a------	c:\windows\system32\drivers\portcls.sys
2009-01-18 18:44 . 2008-04-13 20:19	146,048	--a--c---	c:\windows\system32\dllcache\portcls.sys
2009-01-18 18:44 . 2008-04-13 19:45	60,160	--a------	c:\windows\system32\drivers\drmk.sys
2009-01-18 18:44 . 2008-04-13 19:45	60,160	--a--c---	c:\windows\system32\dllcache\drmk.sys
2009-01-18 18:44 . 2009-01-18 18:44	0	-rahs----	C:\khq
2009-01-18 18:24 . 2009-01-18 18:24	<DIR>	d--------	c:\programmi\CDBurnerXP
2009-01-18 18:24 . 2009-01-18 18:24	<DIR>	d--------	c:\documents and settings\EddyFede\Dati applicazioni\Canneverbe_Limited
2009-01-18 18:22 . 2006-06-29 13:07	14,048	---------	c:\windows\system32\spmsg2.dll
2009-01-18 18:20 . 2009-01-18 18:22	<DIR>	d--------	c:\windows\system32\XPSViewer
2009-01-18 18:20 . 2009-01-18 18:20	<DIR>	d--------	c:\programmi\Reference Assemblies
2009-01-18 18:20 . 2009-01-18 18:20	<DIR>	d--------	c:\programmi\MSBuild
2009-01-18 18:20 . 2009-01-18 18:20	218	--a------	c:\windows\system32\spupdsvc.inf
2009-01-18 18:19 . 2009-01-18 18:20	<DIR>	d--------	C:\9cc5b775a9ea79d8a158c8d5a5
2009-01-18 18:19 . 2008-07-06 13:06	1,676,288	---------	c:\windows\system32\xpssvcs.dll
2009-01-18 18:19 . 2008-07-06 13:06	1,676,288	-----c---	c:\windows\system32\dllcache\xpssvcs.dll
2009-01-18 18:19 . 2008-07-06 11:50	597,504	-----c---	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-18 18:19 . 2008-07-06 13:06	575,488	---------	c:\windows\system32\xpsshhdr.dll
2009-01-18 18:19 . 2008-07-06 13:06	575,488	-----c---	c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-18 18:19 . 2008-07-06 13:06	117,760	---------	c:\windows\system32\prntvpt.dll
2009-01-18 18:19 . 2008-07-06 13:06	89,088	-----c---	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-18 18:06 . 2009-01-18 18:06	<DIR>	d--------	c:\windows\system32\it
2009-01-18 18:06 . 2009-01-18 18:06	<DIR>	d--------	c:\windows\system32\bits
2009-01-18 18:06 . 2009-01-18 18:06	<DIR>	d--------	c:\windows\l2schemas
2009-01-18 18:03 . 2009-01-18 18:06	<DIR>	d--------	c:\windows\ServicePackFiles
2009-01-18 17:35 . 2004-08-03 22:29	1,897,408	---------	c:\windows\system32\drivers\nv4_mini.sys
2009-01-18 17:30 . 2009-01-18 17:30	<DIR>	d--------	c:\programmi\MSXML 6.0
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 13:04	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\Skype
2009-01-18 15:56	---------	d-----w	c:\programmi\NOS
2009-01-18 15:56	---------	d-----w	c:\programmi\Avira
2009-01-18 15:56	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\NOS
2009-01-18 15:56	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Avira
2009-01-18 15:49	---------	d-----w	c:\programmi\MSECache
2009-01-18 15:49	---------	d-----w	c:\programmi\File comuni\Adobe
2009-01-18 15:46	---------	d-----w	c:\programmi\Microsoft Works
2009-01-18 15:46	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Microsoft Help
2009-01-18 15:39	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\AVGTOOLBAR
2009-01-18 15:36	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\DAEMON Tools Lite
2009-01-18 15:33	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\DAEMON Tools Pro
2009-01-18 15:33	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\DAEMON Tools
2009-01-18 15:33	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\DAEMON Tools Lite
2009-01-18 15:32	---------	d-----w	c:\programmi\DAEMON Tools Lite
2009-01-18 15:30	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\vlc
2009-01-18 15:28	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2009-01-18 15:28	325,128	----a-w	c:\windows\system32\drivers\avgldx86.sys
2009-01-18 15:28	12,552	----a-w	c:\windows\system32\drivers\avgrkx86.sys
2009-01-18 15:28	107,272	----a-w	c:\windows\system32\drivers\avgtdix.sys
2009-01-18 15:28	10,520	----a-w	c:\windows\system32\avgrsstx.dll
2009-01-18 15:28	---------	d-----w	c:\programmi\VideoLAN
2009-01-18 15:26	---------	d-----w	c:\programmi\eMule AdunanzA
2009-01-18 15:26	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\eMule AdunanzA
2009-01-18 15:25	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8
2009-01-18 15:19	231,193	----a-w	c:\windows\gPhotoShow_Toolbar_Uninstaller_5093.exe
2009-01-18 15:19	---------	d-----w	c:\programmi\WallpaperSS
2009-01-18 15:19	---------	d-----w	c:\programmi\Skype
2009-01-18 15:19	---------	d-----w	c:\programmi\gPhotoShow Toolbar
2009-01-18 15:19	---------	d-----w	c:\programmi\File comuni\Skype
2009-01-18 15:19	---------	d-----w	c:\documents and settings\EddyFede\Dati applicazioni\WallpaperSS
2009-01-18 15:19	---------	d-----w	c:\documents and settings\All Users.WINDOWS\Dati applicazioni\Skype
2009-01-18 15:14	---------	d-----w	c:\programmi\AVG
2009-01-18 15:05	---------	d-----w	c:\programmi\microsoft frontpage
2009-01-18 15:03	---------	d-----w	c:\programmi\Servizi in linea
2008-12-11 10:57	333,952	----a-w	c:\windows\system32\drivers\srv.sys
2008-10-23 12:36	286,720	----a-w	c:\windows\system32\gdi32.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WallpaperSS"="c:\programmi\WallpaperSS\WallpaperSS.exe" [2007-03-12 430080]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-18 1601304]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-06-21 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2005-06-29 c:\windows\ALCWZRD.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-18 16:28 10520 c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-18 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 107272]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 298264]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.enelenergia.it/
FF - ProfilePath - c:\documents and settings\EddyFede\Dati applicazioni\Mozilla\Firefox\Profiles\vwbh6vhx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 14:07:51
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ... 
scansione entrate autostart nascoste ... 
Scansione files nascosti ... 
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-01-20 14.08.46
ComboFix-quarantined-files.txt  2009-01-20 13:08:44
Pre-Run: 190.142.111.744 byte disponibili
Post-Run: 190,192,152,576 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
179	--- E O F ---	2009-01-19 13:20:02