ComboFix 09-03-25.04 - daniele 2009-03-26 21:03:23.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.510.372 [GMT 1:00]
Eseguito da: c:\documents and settings\daniele\Desktop\d.g.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((( Files Creati Da 2009-02-26 al 2009-03-26 )))))))))))))))))))))))))))))))))))
.
2009-03-26 20:25 . 2009-03-26 20:34 <DIR> d-------- C:\ComboFix
2009-03-26 17:31 . 2009-03-26 17:31 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-26 17:31 . 2009-03-26 17:31 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-26 16:29 . 2009-03-24 20:44 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2009-03-26 16:29 . 2009-03-24 20:44 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2009-03-26 16:29 . 2009-03-24 20:44 <DIR> d-------- c:\documents and settings\Administrator\Preferiti
2009-03-26 16:29 . 2009-03-24 20:10 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2009-03-26 16:29 . 2009-03-24 20:44 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2009-03-26 16:29 . 2009-03-26 21:04 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2009-03-26 16:29 . 2009-03-24 20:44 <DIR> d-------- c:\documents and settings\Administrator\Documenti
2009-03-26 16:29 . 2009-03-24 20:44 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2009-03-26 16:29 . 2009-03-26 16:30 <DIR> d-------- c:\documents and settings\Administrator
2009-03-26 15:59 . 2009-03-26 15:59 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-03-26 15:59 . 2009-03-26 20:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-03-26 15:59 . 2009-03-26 20:38 131,104 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-26 15:59 . 2009-03-26 20:38 1,528 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-26 15:59 . 2009-03-26 20:38 32 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-26 15:59 . 2009-03-26 20:38 32 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-26 14:48 . 2009-03-26 15:17 <DIR> d-------- c:\programmi\Google
2009-03-26 08:15 . 2009-03-26 08:15 <DIR> d-------- c:\programmi\Trend Micro
2009-03-25 23:11 . 2004-08-19 15:39 21,504 --a------ c:\windows\system32\hidserv.dll
2009-03-25 23:11 . 2004-08-19 15:39 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-03-25 22:46 . 2009-03-25 22:46 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\ESET
2009-03-25 19:51 . 2009-03-25 19:51 <DIR> d-------- c:\programmi\CCleaner
2009-03-25 19:30 . 2009-03-25 19:32 <DIR> d-------- c:\programmi\uTorrent
2009-03-25 19:30 . 2009-03-25 19:52 <DIR> d-------- c:\documents and settings\daniele\Dati applicazioni\uTorrent
2009-03-25 19:01 . 2009-03-25 19:01 22 --a------ c:\windows\system32\ati64hlp.stb
2009-03-25 18:59 . 2009-03-25 19:00 <DIR> d--h----- c:\programmi\InstallShield Installation Information
2009-03-25 18:59 . 2009-03-25 18:59 <DIR> d-------- c:\programmi\File comuni\InstallShield
2009-03-25 18:59 . 2009-03-25 19:00 <DIR> d-------- c:\programmi\ATI Technologies
2009-03-25 18:30 . 2009-03-25 18:30 <DIR> d-------- c:\windows\Sun
2009-03-25 18:30 . 2009-03-25 18:55 664 --a------ c:\windows\system32\d3d9caps.dat
2009-03-25 18:29 . 2009-03-25 18:29 <DIR> d-------- c:\programmi\Java
2009-03-25 18:29 . 2009-03-25 18:29 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-25 18:29 . 2009-03-25 18:29 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-25 13:45 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-03-25 13:45 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-03-25 07:52 . 2009-03-25 07:52 <DIR> d-------- c:\windows\system32\it-it
2009-03-25 07:52 . 2008-12-20 23:30 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-03-25 07:52 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-25 07:52 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-25 07:52 . 2008-12-20 23:30 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-03-25 07:52 . 2008-12-20 23:30 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-25 07:52 . 2008-12-20 23:30 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-03-25 07:52 . 2008-12-20 23:30 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-03-25 07:52 . 2008-12-20 23:30 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-25 07:52 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-03-24 21:19 . 2009-03-24 22:10 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-24 21:07 . 2008-06-14 18:59 272,768 --------- c:\windows\system32\drivers\bthport.sys
2009-03-24 21:07 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 19:15 --------- d-----w c:\programmi\microsoft frontpage
2009-03-24 19:13 --------- d-----w c:\programmi\Servizi in linea
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-26_14.10.47,33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-03-24 19:19:12 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-26 16:28:09 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-24 19:19:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2009-03-26 16:28:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2009-03-24 19:19:12 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-26 16:28:09 32,768 ----a-w c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-26 13:08:34 241,664 ----a-w c:\windows\system32\config\systemprofile\ntuser.dat
+ 2008-07-21 17:34:36 121,872 ----a-w c:\windows\system32\drivers\kl1.sys
+ 2008-01-29 17:29:38 32,784 ----a-w c:\windows\system32\drivers\klbg.sys
+ 2009-03-26 14:59:33 213,008 ----a-w c:\windows\system32\drivers\klif.sys
+ 2008-04-30 17:06:48 24,592 ----a-w c:\windows\system32\drivers\klim5.sys
+ 2008-07-29 19:20:00 24,774 ----a-w c:\windows\system32\drivers\klopp.dat
+ 2008-07-29 19:21:42 218,376 ----a-w c:\windows\system32\klogon.dll
+ 2009-03-26 18:37:23 8,960 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2009-03-26 19:55:51 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_758.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\docume~1\daniele\IMPOST~1\Temp\AVSETUP_49cb3270\basic\avupgsvc.exe" /TEMPSTART:""c:\docume~1\daniele\IMPOST~1\Temp\AVSETUP_49cb3270\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"
c:\docume~1\daniele\IMPOST~1\Temp\AVSETUP_49cb3270\basic\avupgsvc.exe
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 21:04:18
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-03-26 21:05:06
ComboFix-quarantined-files.txt 2009-03-26 20:05:04
ComboFix2.txt 2009-03-26 14:15:58
ComboFix3.txt 2009-03-26 13:11:19
Pre-Run: 155,856,367,616 byte disponibili
Post-Run: 155,847,483,392 byte disponibili
123 --- E O F --- 2009-03-25 14:51:23