ComboFix 09-01-17.02 - Codu 2009-01-17 22.13.38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.511.183 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Codu\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Codu\Impostazioni locali\Dati applicazioni\eukqqws.dat
C:\Documents and Settings\Codu\Impostazioni locali\Dati applicazioni\eukqqws.exe
C:\Documents and Settings\Codu\Impostazioni locali\Dati applicazioni\eukqqws_nav.dat
C:\Documents and Settings\Codu\Impostazioni locali\Dati applicazioni\eukqqws_navps.dat
.
((((((((((((((((((((((((( Files Creati Da 2008-12-17 al 2009-01-17 )))))))))))))))))))))))))))))))))))
.
2009-01-17 13:57 . 2009-01-17 14:14 <DIR> d-------- C:\Programmi\eMule
2009-01-17 13:53 . 2009-01-17 13:54 <DIR> d-------- C:\Programmi\eMule Acceleration Patch
2009-01-17 12:55 . 2009-01-17 12:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2009-01-17 12:55 . 2009-01-17 12:55 <DIR> d-------- C:\Programmi\Reference Assemblies
2009-01-17 12:55 . 2009-01-17 12:55 <DIR> d-------- C:\Programmi\MSBuild
2009-01-17 12:54 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2009-01-17 02:53 . 2009-01-17 02:53 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2009-01-17 02:53 . 2009-01-17 02:53 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2009-01-17 02:52 . 2009-01-17 02:52 <DIR> d-------- C:\Programmi\Kaspersky Lab
2009-01-17 02:52 . 2009-01-17 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2009-01-17 02:52 . 2009-01-17 22:19 942,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2009-01-17 02:52 . 2009-01-17 22:16 262,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2009-01-17 02:52 . 2009-01-17 22:19 9,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2009-01-17 02:52 . 2009-01-17 22:16 3,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2009-01-17 02:51 . 2009-01-17 02:51 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2009-01-16 01:29 . 2009-01-17 14:11 <DIR> d-------- C:\Programmi\Kaspersky Internet Security Patch
2009-01-15 17:27 . 2009-01-15 17:27 <DIR> d-------- C:\Programmi\SCSI
2009-01-15 13:30 . 2009-01-15 13:30 <DIR> d-------- C:\Programmi\Ubisoft
2009-01-15 13:30 . 2009-01-15 13:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\POPWWPROFILES
2009-01-14 17:26 . 2009-01-14 17:26 <DIR> d-------- C:\Programmi\SystemRequirementsLab
2009-01-12 18:37 . 2009-01-12 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2009-01-12 14:07 . 2009-01-12 14:07 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2009-01-11 18:56 . 2008-03-17 11:03 101,376 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2009-01-11 18:55 . 2009-01-11 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2009-01-11 18:54 . 2009-01-11 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Vodafone
2009-01-09 19:49 . 2009-01-17 19:49 <DIR> d-------- C:\Documents and Settings\Codu\Tracing
2009-01-09 19:48 . 2009-01-09 19:48 <DIR> d-------- C:\Programmi\Microsoft
2009-01-09 19:47 . 2009-01-09 19:47 <DIR> d-------- C:\Programmi\Windows Live SkyDrive
2009-01-09 19:41 . 2009-01-09 19:41 <DIR> d-------- C:\Programmi\File comuni\Windows Live
2009-01-06 13:06 . 2009-01-06 13:06 900,015 --a------ C:\WINDOWS\system32\TmpA2177468
2009-01-06 12:59 . 2009-01-06 12:59 <DIR> d-------- C:\Programmi\Total Uninstall 5
2009-01-06 12:59 . 2009-01-06 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Martau
2008-12-22 13:53 . 2008-12-22 13:55 <DIR> d-------- C:\Programmi\Opera
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 19:16 --------- d-----w C:\Documents and Settings\Codu\Dati applicazioni\uTorrent
2009-01-16 17:36 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2009-01-16 17:32 --------- d-----w C:\Programmi\Avast4
2009-01-16 14:43 --------- d-----w C:\Programmi\mIRC 6.31
2009-01-16 14:33 --------- d-----w C:\Programmi\GestioneAcquario
2009-01-15 12:30 --------- d--h--w C:\Programmi\InstallShield Installation Information
2009-01-15 00:25 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2009-01-14 12:30 --------- d-----w C:\Programmi\SERA - Die CD
2009-01-14 11:43 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2009-01-14 11:43 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2009-01-11 17:54 --------- d-----w C:\Programmi\File comuni\InstallShield
2009-01-09 18:48 --------- d-----w C:\Programmi\Windows Live
2009-01-08 18:39 --------- d-----w C:\Documents and Settings\Codu\Dati applicazioni\SendSpace Wizard
2008-12-27 02:38 --------- d-----w C:\Programmi\Glary Utilities
2008-12-22 13:00 --------- d-----w C:\Documents and Settings\Codu\Dati applicazioni\Apple Computer
2008-12-11 10:57 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-12-10 14:51 --------- d-----w C:\Programmi\File comuni\HappySoft
2008-12-10 14:51 --------- d-----w C:\Programmi\Borland
2008-12-06 17:26 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-11-27 19:17 --------- d-----w C:\Programmi\AdBidy
2008-11-24 14:21 --------- d-----w C:\Documents and Settings\Codu\Dati applicazioni\Publish Providers
2008-11-24 14:19 --------- d-----w C:\Programmi\VstPlugins
2008-11-24 14:18 --------- d-----w C:\Programmi\Sound Forge 7.0
2008-11-24 14:12 --------- d-----w C:\Programmi\Sound Forge 9.0
2008-11-22 11:23 --------- d-----w C:\Programmi\SendSpace Wizard
2008-11-21 11:59 --------- d-----w C:\Programmi\Syncrosoft
2008-11-20 16:19 --------- d-----w C:\Programmi\QuickTime
2008-11-20 16:18 --------- d-----w C:\Programmi\File comuni\Apple
2008-11-20 16:18 --------- d-----w C:\Programmi\Apple Software Update
2008-11-20 16:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2008-11-20 16:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2008-09-18 08:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008091820080919\index.dat
.
------- Sigcheck -------
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-27 14:25 361344 8e036eec565910417ea020ce0962aa24 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 cbeebeb899e31ef52b962cb31fc8ca5c C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 18:14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"SpeedTouch USB Diagnostics"="C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 05:59 878080]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" [2003-11-26 19:00 99840]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 19:59 206088]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 18:14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-04-27 14:23 123904 C:\WINDOWS\system32\advpack.dll]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=2 (0x2)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"mnmsrvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 17:29:38 32784]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\asapi.sys [2008-09-19 12:26:49 11264]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\drivers\cledx.sys [2008-09-19 14:22:20 33792]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\drivers\klfltdev.sys [2008-03-13 18:02:46 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [2008-04-30 17:06:48 24592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1b167c-e008-11dd-8808-0090d0c7706f}]
\Shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df1b167d-e008-11dd-8808-0090d0c7706f}]
\Shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence
.
Contenuto della cartella 'Scheduled Tasks'
2008-12-27 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Programmi\Glary Utilities\initialize.exe [2008-03-25 21:44]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
IE: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download by easyMule - C:\Programmi\easyMule\IE2EM.htm
TCP: {BEF161E7-1B10-43BD-98B1-97946E96928B} = 193.12.150.2 212.247.152.2
FF - ProfilePath - C:\Documents and Settings\Codu\Dati applicazioni\Mozilla\Firefox\Profiles\qon1qqky.default\
FF - prefs.js: browser.search.selectedEngine - YopMail
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/ig
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 22:18:51
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-606747145-484061587-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
@Denied: (Full) (Administrators)
@Denied: (Full) (S-1-5-21-606747145-484061587-1177238915-1003)
@Denied: (Full) (RestrictedCode)
@Denied: (Full) (LocalSystem)
"View"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,2c,00,00,00,3a,00,00,00,2c,03,00,00,4c,02,00,00,d8,00,00,\
"FindFlags"=dword:0000000e
"LastKey"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(7312)
C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\wpdshserviceobj.dll
C:\WINDOWS\system32\portabledevicetypes.dll
C:\WINDOWS\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-17 22:24:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-01-17 21:22:46