|
| |||||||
 |
 |
| | Thread Tools |
|
#1
23. Giugno 2009, 10:38
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! Di recente ho scaricato un tema domanda. Durante l'installazione, Kaspersky richiesto un avviso dicendo computer è stato infettato da malware MultiPacked.Multi.Generic. Il mio Kaspersky smesso di lavorare e la mia è andata finestre tema-Sono bloccato con finestre classico. Aiuto per favore! |
|
#2
23. Giugno 2009, 11:25
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! Prova a far di me uno dei registri è possibile da qui. http://www.computer-juice.com/forums...-posting-7476/
__________________  |
|
#3
24. Giugno 2009, 11:44
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! Sembra il forum ha avuto un problema. Si prega di pubblicare questi DDS tronchi. Scarica dal DDS | QUI | o | QUI | o | QUI | e salvarlo sul desktop. Vista utenti fate clic destro su dds e selezionare Esegui come amministratore (verrà visualizzato un prompt di UAC, si prega di lasciarla) * XP Fare doppio clic su dds per eseguirlo. * Se il tuo antivirus o firewall di cercare di bloccare DDS si prega di consentire l'esecuzione. * Al termine si aprirà DDS due (2) log. 1) DDS.txt 2) Attach.txt * Salva entrambi i log sul desktop. * Si prega di copiare e incollare l'intero contenuto di entrambi i log nella prossima risposta. Nota: DDS ti Attach.txt per postare il log come allegato. Si prega di postare solo è come qualsiasi altro registro da copiare e incollare nella risposta.
__________________ |
|
#4
24. Giugno 2009, 13:55
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! DDS (Ver_09-05-14,01) - NTFSx86 Gestito da mouse a 16:53:23.36 il mercoledì 06/24/2009 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00] AV: Kaspersky Internet Security * scansione on-access per disabili * (Aggiornato) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * permesso * (2C4D4BC6-0793-4956-A9F9-E252435469C0) Processi in esecuzione ============== =============== C: \ WINDOWS \ system32 \ svchost-k DcomLaunch svchost.exe C: \ WINDOWS \ System32 \ svchost.exe-k netsvcs C: \ WINDOWS \ system32 \ svchost.exe-k WudfServiceGroup svchost.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ WINDOWS \ Explorer.EXE C: \ WINDOWS \ system32 \ CTHELPER.EXE C: \ WINDOWS \ system32 \ CTXFIHLP.EXE C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe C: \ WINDOWS \ system32 \ RUNDLL32.EXE C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ WINDOWS \ SYSTEM32 \ CTXFISPI.EXE C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe C: \ PROGRA ~ 1 \ micros ~ 4 \ rapimgr.exe svchost.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe C: \ WINDOWS \ system32 \ nvsvc32.exe C: \ WINDOWS \ system32 \ PnkBstrA.exe C: \ WINDOWS \ System32 \ svchost.exe-k imgsvc C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe C: \ Program Files \ iPod \ bin \ iPodService.exe C: \ WINDOWS \ System32 \ svchost.exe-k HTTPFilter C: \ Program Files \ Mozilla Firefox \ firefox.exe C: \ Program Files \ LimeWire \ LimeWire.exe C: \ Documents and Settings \ Mouse \ Desktop \ dds.com ============== Pseudo HJT Relazione =============== uStart Page = hxxp: / / google.com / uInternet Impostazioni, ProxyOverride = *. locali BHO: Adobe PDF Reader Link Helper: (06849e9f-c8d7-4d59-b87d-784b7d6be0b3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll BHO: Skype add-on (mastermind): (22bf413b-c6d2-4d91-82a9-a0f997ba588c) - C: \ Program Files \ Skype \ toolbars \ Internet Explorer \ SkypeIEPlugin.dll BHO: IEVkbdBHO classe: (59273ab4-e7d3-40f9-a1a8-6fa9cca1862c) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ievkbd.dll BHO: Java (tm) Plug-In 2 SSV Helper: (dbc80044-a445-435b-bc74-9c25c1c588a9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll BHO: JQSIEStartDetectorImpl classe: (e7e6f031-17ce-4c07-bc86-eabfe594f69c) - C: \ Program Files \ Java \ jre6 \ lib \ deploy \ jqs \ cioè \ jqs_plugin.dll TB: Veoh Browser Plug-in: (d0943516-5076-4020-a3b5-aefaf26ab263) - C: \ Program Files \ Veoh Networks \ Veoh \ Plugins \ reg \ VeohToolbar.dll EB: (32683183-48a0-441b-a342-7c2a440a9478) - Nessun file uRun: [ctfmon.exe] c: \ windows \ system32 \ ctfmon.exe uRun: [H / PC Connection Agent] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c: \ windows \ system32 \ NvCpl.dll, NvStartup mRun: [CTHelper] CTHELPER.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [CTDVDDET] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ dvdaudio \ CTDVDDET.EXE" mRun: [RCSystem] "C: \ Program Files \ Creative \ file condivisi \ modulo loader \ DLLML.exe" RCSystem *-Startup mRun: [AudioDrvEmulator] "C: \ Program Files \ Creative \ file condivisi \ modulo loader \ dllml.exe" -1 audiodrvemulator "C: \ Program Files \ Creative \ file condivisi \ modulo caricatore \ audio emulatore \ AudDrvEm.dll" mRun: [VolPanel] "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" / r mRun: [NvMediaCenter] RUNDLL32.EXE c: \ windows \ system32 \ NvMcTray.dll, NvTaskbarInit mRun: [AVP] "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" mRun: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime mRun: [AppleSyncNotifier] C: \ Program Files \ Common Files \ apple \ mobile device support \ bin \ AppleSyncNotifier.exe mRun: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" IE: Aggiungi ai Blocco Banner - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000 IE: (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe IE: (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - (85E0B171-04FA-11D1-B7DA-00A0C90348D6) - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ SCIEPlgn.dll IE: (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - (2EAF5BB0-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 4 \ INetRepl.dll IE: (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - (2EAF5BB0-070F-11D3-9307-00C04FAE2D4F) - c: \ progra ~ 1 \ micros ~ 4 \ INetRepl.dll IE: (77BF5300-1474-4EC7-9980-D32B190E9B07) - (77BF5300-1474-4EC7-9980-D32B190E9B07) - C: \ Program Files \ Skype \ toolbars \ Internet Explorer \ SkypeIEPlugin.dll DPF: Microsoft XML Parser per Java - file: / / c: \ windows \ java \ classes \ xmldso.cab DPF: (17492023-C23A-453E-A040-C7C580BBF700) - hxxp: / / go.microsoft.com / fwlink /? Linkid = 39204 DPF: (45B69029-F3AB-4204-92DE-D5140C3E8E74) - hxxps: / / portal.apogentech.com / vdesk / terminale / InstallerControl.cab DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll DPF: (57C76689-F052-487B-A19F-855AFDDF28EE) - hxxps: / / portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab # version = 6030,2008,0904,1939 DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: (CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: (CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA) - hxxp: / / java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: (E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D) - hxxps: / / portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab # Version = 6030,2008,0904,1947 Handler: cdo - (CD00020A-8B95-11D1-82DB-00C04FB1625D) - C: \ Program Files \ Common Files \ Microsoft Shared \ Web Folders \ PKMCDO.DLL Handler: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - c: \ progra ~ 1 \ common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL Comunica:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL Comunica: klogon - c: \ windows \ system32 \ klogon.dll AppInit_DLLs: c: \ progra ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ mzvkbd.dll, c: \ progra ~ 1 \ kasper ~ 1 \ kasper ~ 1 \ adialhk.dll, c: \ progra ~ 1 \ kaspe r ~ 1 \ kasper ~ 1 \ kloehk.dll SSODL: WPDShServiceObj - (AAA288BA-9A4C-45B0-95D7-94D524869DB5) - c: \ windows \ system32 \ WPDShServiceObj.dll Seh: SABShellExecuteHook classe: (5ae067d3-9afb-48e0-853a-ebb7f4a000da) - C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath -- ============= SERVIZI / DRIVERS =============== R0 KL1; KL1; c: \ windows \ system32 \ drivers \ kl1.sys [2007-10-31 112144] R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [2008-1-29 33808] R1 klif; Kaspersky Lab Driver; c: \ windows \ system32 \ drivers \ klif.sys [2008-4-18 213520] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2008-2-29 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [2008-5-12 14592] R2 avp; Kaspersky Internet Security; C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe-r -> C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe-r [? ] R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ vista \ comune \ ViewpointService.exe [2008-12-7 24652] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [2008-3-13 26640] R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [2007-12-13 24592] R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2006-2-16 4096] S1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2008-2-29 9968] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Cuba se32.sys [2009-4-5 11808] S3 IlvMoneyDRIVER53; IlvMoneyDRIVER53; c: \ windows \ sistema m32 \ drivers \ IlvMoney1215.sys [2008-8-21 30080] =============== Creato Ultimo 30 ================ 2009-06-17 13:58 <DIR> - d ----- C: \ Program Files \ LSoft Tecnologie 2009-06-13 12:32 <DIR> - d ----- C: \ Program Files \ iPod 2009-06-13 12:32 <DIR> - d ----- C: \ Program Files \ iTunes ==================== Find3M ==================== ============= FINISH: 16:54:12.42 =============== SALVO specificamente istruiti, NON POSTO Questo log. Se richiesto, CAP IT UP & allegalo DDS (Ver_09-05-14,01) Microsoft Windows XP Professional Boot Device: \ Device \ HarddiskVolume1 Installare Data: 5/12/2008 2:38:20 PM Sistema Uptime: 6/24/2009 12:33:35 PM (4 ore fa) Motherboard: http://www.abit.com.tw/ | | IP35 Pro (P35 + ICH9R) Processore: Intel (R) Pentium (R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz ==== Le partizioni del disco ========================= A: è rimovibile C: è fissato (NTFS) - 128 GiB totale, 60,146 GiB libera. D: è fisso (NTFS) - 69 GiB totale, 60,479 GiB libera. E: è CDROM (CDFS) F: è CDROM (CDFS) G: è fissato (NTFS) - 245 GiB totale 138,326 GiB libera. H: è CDROM () I: è CDROM () J: è CDROM () K: è CDROM () ==== Disabili Gestione periferiche oggetti ============= Class GUID: (4D36E972-E325-11CE-BFC1-08002BE10318) Descrizione: Realtek RTL8169/8110 Famiglia Gigabit Ethernet NIC Device ID: PCI \ VEN_10EC & DEV_8167 & SUBSYS_1083147B & REV_10 \ 4 & BB2 9FA6 & 0 & 00F0 Produttore: Realtek Semiconductor Corp. Nome: Realtek RTL8169/8110 Famiglia Gigabit Ethernet NIC # 3 PNP Device ID: PCI \ VEN_10EC & DEV_8167 & SUBSYS_1083147B & REV_10 \ 4 & BB2 9FA6 & 0 & 00F0 Servizio: RTL8023xp Class GUID: (4D36E972-E325-11CE-BFC1-08002BE10318) Descrizione: Ponte di MAC Miniport Device ID: root \ MS_BRIDGEMP \ 0000 Produttore: Microsoft Nome: Ponte di MAC Miniport PNP Device ID: root \ MS_BRIDGEMP \ 0000 Servizio: BridgeMP ==== Ripristino configurazione di sistema Punti =================== RP202: 3/26/2009 6:14:01 PM - Sistema di controllo RP203: 3/27/2009 9:06:08 PM - Sistema di controllo RP204: 3/30/2009 12:43:20 PM - Sistema di controllo RP205: 4/1/2009 5:11:23 PM - Sistema di controllo RP206: 4/3/2009 3:31:49 PM - Sistema di controllo RP207: 4/6/2009 11:30:33 AM - Sistema di controllo RP208: 4/8/2009 1:48:55 AM - Rimosso MapleStory GL. RP209: 4/8/2009 1:49:05 AM - Installato MapleStory. RP210: 4/8/2009 2:00:33 AM - Rimosso MapleStory. RP211: 4/8/2009 2:12:11 AM - Installato MapleStory. RP212: 4/9/2009 1:53:58 PM - Sistema di controllo RP213: 4/11/2009 6:22:36 AM - Sistema di controllo RP214: 4/14/2009 11:18:28 AM - Sistema di controllo RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3,0 RP216: 4/18/2009 1:32:37 AM - Sistema di controllo RP217: 4/21/2009 2:37:36 PM - Sistema di controllo RP218: 4/22/2009 5:07:27 PM - Sistema di controllo RP219: 4/24/2009 2:41:28 PM - Sistema di controllo RP220: 4/25/2009 10:07:27 PM - Sistema di controllo RP221: 4/28/2009 6:48:10 AM - installato Java (TM) 6 Update 13 RP222: 5/2/2009 7:23:06 PM - Sistema di controllo RP223: 5/3/2009 11:36:18 PM - Sistema di controllo RP224: 5/5/2009 2:29:10 PM - Sistema di controllo RP225: 5/6/2009 8:29:33 PM - Sistema di controllo RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3,0 RP227: 5/7/2009 11:16:03 AM - WgaNotify installato Windows XP. RP228: 5/9/2009 11:12:42 AM - Sistema di controllo RP229: 5/10/2009 5:10:12 PM - Sistema di controllo RP230: 5/11/2009 9:02:07 PM - Sistema di controllo RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3,0 RP232: 5/14/2009 2:28:00 PM - Rimosso ZU-ONLINE RP233: 5/15/2009 2:47:49 PM - Sistema di controllo RP234: 5/17/2009 1:28:31 AM - Sistema di controllo RP235: 5/17/2009 4:58:00 PM - LG installato il driver USB Modem RP236: 5/19/2009 11:34:48 AM - Sistema di controllo RP237: 5/20/2009 12:47:48 PM - Sistema di controllo RP238: 5/23/2009 10:08:08 AM - Sistema di controllo RP239: 6/1/2009 10:03:10 AM - Sistema di controllo RP240: 6/2/2009 10:03:30 AM - Sistema di controllo RP241: 6/3/2009 11:47:56 AM - Sistema di controllo RP242: 6/5/2009 11:10:53 PM - Sistema di controllo RP243: 6/7/2009 2:46:24 PM - Sistema di controllo RP244: 6/9/2009 11:32:41 AM - Sistema di controllo RP245: 6/10/2009 5:52:30 PM - Sistema di controllo RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3,0 RP247: 6/12/2009 12:14:34 PM - Sistema di controllo RP248: 6/13/2009 1:12:33 PM - Sistema di controllo RP249: 6/14/2009 9:20:14 PM - Sistema di controllo RP250: 6/15/2009 9:53:46 PM - Sistema di controllo RP251: 6/17/2009 12:27:01 AM - Sistema di controllo RP252: 6/21/2009 7:28:06 PM - Sistema di controllo RP253: 6/22/2009 8:08:50 PM - Sistema di controllo RP254: 6/23/2009 2:54:41 PM - Rimosso Garmin City Navigator Nord America NT 2009 Update RP255: 6/23/2009 2:58:20 PM - Rimosso palmOne RP256: 6/24/2009 3:58:18 PM - Sistema di controllo ==== Programmi installati ====================== ==== Visualizzatore eventi passati Settimana Messaggi Da ======== ==== Fine del file =========================== |
|
#5
24. Giugno 2009, 14:05
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! Scarica ComboFix © by SUBS da uno dei link qui sotto. Assicurarsi superiore a salvare la Desktop. Link # 1 Link # 2 ** Nota: E 'importante che si è salvato direttamente sul tuo desktop NON eseguirlo ancora! Nota: le istruzioni qui di seguito sono stati creati appositamente per questo utente. Se non siete l'utente, NON seguire queste istruzioni in quanto potrebbero danneggiare il funzionamento del sistema Elimina i file / cartelle, come segue: 1. Vai a Inizio > Correre > Tipo Notepad.exe e fare clic su OK per aprire il Blocco note. Esso dovere essere il Blocco note, non Wordpad. 2. Copia il testo nella casella qui sotto il codice evidenziando tutto il testo e premendo Ctrl + C Codice: Killall:: DDS:: uInternet Impostazioni, ProxyOverride = *. locali EB: (32683183-48a0-441b-a342-7c2a440a9478) - File n. IE: (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll Driver:: Viewpoint Manager Service cartella: C: \ Program Files \ punto di vista 4. Quindi, fare clic su File > Salvare 5. Nome del file CFScript.txt - Salva il file sul tuo desktop 6. Quindi, trascinare il CFScript (tenere premuto il tasto sinistro del mouse mentre si trascina il file) e rilasciarlo (rilasciare il tasto sinistro del mouse) in ComboFix.exe come potete vedere nella schermata qui sotto. Importante: Eseguire questa attentamente le istruzioni!  ComboFix inizierà a eseguire, basta seguire le istruzioni. Dopo il reboot (nel caso in cui si chiede di riavviare), che produrrà un log per voi. Post che log (Combofix.txt) nella prossima risposta. Nota: Non clic ComboFix della finestra, mentre è in esecuzione. Questo può causare il sistema per congelare
__________________ |
|
#6
25. Giugno 2009, 08:45
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00] Running da: c: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Interruttori di comando utilizzati:: C: \ Documents and settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * scansione on-access per disabili * (Aggiornato) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security * permesso * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . C: \ Program Files \ punto di vista c: \ recycler \ S-1-5-21-1957994488-1801674531-1177238915-1004 c: \ recycler \ S-1-5-21-789336058-2025429265-1644491937-1003 c: \ windows \ system32 \ drivers \ kl1.sys C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ vista \ Common \ ViewpointService.exe C: \ Program Files \ vista \ Common \ VistaBoot.sdll C: \ Program Files \ vista \ Viewpoint Media Player \ AxMetaStream.dll C: \ Program Files \ vista \ Viewpoint Media Player \ ClassIDs.ini C: \ Program Files \ vista \ Viewpoint Media Player \ ComponentMgr.dll C: \ Program Files \ vista \ Viewpoint Media Player \ MetaStreamID.ini C: \ Program Files \ vista \ Viewpoint Media Player \ MtsAxInstaller.exe C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ AOLUserShell.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ Cursors.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ JpegReader.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ Mts3Reader.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ SceneComponent.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ SreeDMMX.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ SWFView.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ VETScriptInterpreter.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ VMPSpeech.dll C: \ Program Files \ vista \ Viewpoint Media Player \ NewComponents \ VMPVideo2.dll C: \ Program Files \ vista \ Viewpoint Media Player \ npViewpoint.dll C: \ Program Files \ vista \ Viewpoint Media Player \ npViewpoint.xpt c: \ recycler \ S-1-5-21-1957994488-1801674531-1177238915-1004 \ desktop.ini c: \ recycler \ S-1-5-21-1957994488-1801674531-1177238915-1004 \ INFO2 c: \ recycler \ S-1-5-21-789336058-2025429265-1644491937-1003 \ desktop.ini c: \ recycler \ S-1-5-21-789336058-2025429265-1644491937-1003 \ INFO2 c: \ windows \ emMON.exe c: \ windows \ system32 \ Codecs \ 7zAES.dll c: \ windows \ system32 \ Codecs \ AES.dll c: \ windows \ system32 \ Codecs \ Branch.dll c: \ windows \ system32 \ Codecs \ BZip2.dll c: \ windows \ system32 \ Codecs \ Copy.dll c: \ windows \ system32 \ Codecs \ Deflate.dll c: \ windows \ system32 \ Codecs \ LZMA.dll c: \ windows \ system32 \ Codecs \ PPMd.dll c: \ windows \ system32 \ Codecs \ Rar29.dll c: \ windows \ system32 \ Codecs \ Swap.dll c: \ windows \ system32 \ drivers \ ctoss2k.sys c: \ windows \ system32 \ formati \ 7z.dll . ((((((((((((((((((((((((((((((((((((((( Driver / Servizi )))))))) ))))))))))))))))))))))))))))))))))))))))) . ------- \ Legacy_ILVMONEYDRIVER53 ------- \ Legacy_VIEWPOINT_MANAGER_SERVICE ------- \ Service_IlvMoneyDRIVER53 ------- \ Service_Viewpoint Manager Service ------- \ Legacy_ossrv ------- \ Service_ossrv ((((((((((((((((((((((((( I file creati dal 2009/05/24 al 2009/06/24 ))))))))))) )))))))))))))))))))) . 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 d -------- ----- w-C: \ Program Files \ LSoft Tecnologie 2009-06-13 16:32. 2009-06-13 16:32 d -------- ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 d -------- ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 d -------- ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 d -------- ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 d -------- ----- w-C: \ Giochi 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-24 23:25. 2008-05-16 03:35 d -------- ----- w-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab 2009-06-24 21:26. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-24 21:26. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-24 21:26. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-24 21:26. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 21:09. 2008-05-17 00:25 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 d -------- ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 d -------- ----- w-C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 d -------- ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 d -------- ----- w-C: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 d -------- ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-20 16:16. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-05-20 16:16. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-05-17 20:58. 2009-05-17 20:58 d -------- ----- w-C: \ Program Files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 d -------- ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 d -------- ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ domenica \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-26 01:13. 2009-04-26 00:43 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Move Networks 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Impostazioni locali \ Dati applicazioni \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2009-01-01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Adobe Gamma Loader.lnk backup = C: \ Windows \ pss \ Adobe Gamma Loader.lnkCommon avvio [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ pss \ n HOTSYNCSHORTCUTNAME.lnkCommo avvio [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Microsoft Office.lnk backup = C: \ Windows \ pss \ Microsoft Office.lnkCommon avvio [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ servizi] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program Files \ \ Veoh Networks \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Dati applicazioni \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Italian \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [12/13/2007 1:28 PM 24592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] --- Altri Servizi / Driver In memoria --- * * NewlyCreated - SASDIFSV . Indice dell ' "Operazioni pianificate' cartella 2009/06/13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009/06/24 c: \ windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . - - - - ORFANI REMOVED - - - -- SafeBoot-AVG Anti-Spyware Driver SafeBoot-AVG Anti-Spyware Guard . ------- ------- Supplementari Scan . uStart Page = hxxp: / / google.com / IE: Aggiungi ai Blocco Banner - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser per Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-24 19:25 5/1/2600 Windows Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . --------------------- --------------------- LOCKED chiavi di registro [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, ff, 66,8 f, 81, d1, 34, d2, D9, c8, 28,51, af, b0, 29, a3, 98, A9, C3, a8, 8 bis, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, dc, e4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, a8, 42, 2f, c4, 6, 9 quater, d6, 61, AF, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, DA, CE, 7e, 55,20, c9, 26, EB, A7, df, 4d, 25, c2, 62,83,25, DA, CE, 7e, 55,20, c9, 26, a3, F2, 65, ed, 80,3 e, e4, f6, ff, 7c, 85, e0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, a1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, AE, CE, 4f, e7, 8d, 86,8 c, 21,01, da, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, b9, A6, 33,6 c, cd, 91, d7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, b9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, c8, 7e, 4a, d5, 24,8 d, 3 bis, 49, c4, b0, 18, ed, A7, 3f, 8d, 37, A4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, d4, 0b, f3, 53, bc, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, c6, 98,79, 54,2 c, fb, A7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 uno, f1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, AB, d5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: f6, 0f, 4e, 58, 98,5 b, 89, c9, 6 bis, bis, f8, c4, 82, 1 bis, 7f, d8, 51, FA, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, EB, 90, 81, c6, f6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, ce, e bis, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, b9, 6b, c6, a2, 44,8 d, 59, A6, f5, 3d, ce, e bis, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, cc, b5, b9, 7f, 41, e7, 5d, 45,06,19,5 e, 30,20, e6, e3, 0e, 66, d5, ter, quater, 2f, 6b, e1, 69,31, AC, dd, ba, 7f, 02,2 a, b7, cc, b5, b9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: f bis, bis, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8 bis, cf, 52,73, FA, EA, 66,7 f, d4, 3b, 6b, 70,30,24, e bis, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \-h € | YYYY ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Sotto i processi in esecuzione --------------------- - - - - - - -> 'Winlogon.exe' (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> 'Explorer.exe' (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Altri processi in esecuzione ----------------------- -- . C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ micros ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Completamento orario: 2009-06-24 19:29 - macchina è stato riavviato ComboFix-quarantena-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 bytes libero Post-Run: 67799437312 bytes libero WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [operating systems] c: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Corrente di default = 3 = 3 = 1 Impossibile LastKnownGood Imposta = 4 = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
|
#7
25. Giugno 2009, 09:58
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! Elimina i file / cartelle, come segue: 1. Vai a Inizio > Correre > Tipo Notepad.exe e fare clic su OK per aprire il Blocco note. Esso dovere essere il Blocco note, non Wordpad. 2. Copia il testo nella casella qui sotto il codice evidenziando tutto il testo e premendo Ctrl + C Codice: Killall:: RegLock:: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C - D8D3582C741C) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98 - D0152D08C8B9) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B - 3E52D94DB145) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B - 37E957082D6D) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073 - C02FF9619B6F) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D - 1411304BCD84) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \-h € | YYYY ¤ • € | ù • A ~ *] 4. Quindi, fare clic su File > Salvare 5. Nome del file CFScript.txt - Salva il file sul tuo desktop 6. Quindi, trascinare il CFScript (tenere premuto il tasto sinistro del mouse mentre si trascina il file) e rilasciarlo (rilasciare il tasto sinistro del mouse) in ComboFix.exe come potete vedere nella schermata qui sotto. Importante: Eseguire questa attentamente le istruzioni! ComboFix inizierà a eseguire, basta seguire le istruzioni. Dopo il reboot (nel caso in cui si chiede di riavviare), che produrrà un log per voi. Post che log (Combofix.txt) nella prossima risposta. Nota: Non clic ComboFix della finestra, mentre è in esecuzione. Questo può causare il sistema per congelare ---------- Inoltre vorrei sapere come il computer è ora in esecuzione. .
__________________ |
|
#8
25. Giugno 2009, 16:17
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00] Running da: c: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Interruttori di comando utilizzati:: C: \ Documents and settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * scansione on-access per disabili * (Aggiornato) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security disabili * * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( I file creati dal 2009/05/25 al 2009/06/25 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 d -------- ----- w-C: \ Program Files \ LSoft Tecnologie 2009-06-13 16:32. 2009-06-13 16:32 d -------- ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 d -------- ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 d -------- ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 d -------- ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 d -------- ----- w-C: \ Giochi 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-25 23:11. 2008-05-16 03:35 d -------- ----- w-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab 2009-06-25 23:09. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-25 23:09. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-25 23:09. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-25 23:09. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-24 23:59. 2008-01-29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-24 23:59. 2009-02-05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab \ AVP8 \ Dati \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-24 23:59. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-24 23:59. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-24 23:59. 2008-07-17 23:08 213520 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab \ AVP8 \ Dati \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-24 23:59. 2008-07-17 23:08 861448 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab \ AVP8 \ Dati \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 d -------- ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 d -------- ----- w-C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 d -------- ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 d -------- ----- w-C: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 d -------- ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 d -------- ----- w-C: \ Program Files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 d -------- ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 d -------- ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ domenica \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Impostazioni locali \ Dati applicazioni \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ Wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ Kbdclass.sys + 2009-06-24 23:28. 2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-24 23:59 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ Termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2009-01-01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Adobe Gamma Loader.lnk backup = C: \ Windows \ pss \ Adobe Gamma Loader.lnkCommon avvio [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ pss \ n HOTSYNCSHORTCUTNAME.lnkCommo avvio [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Microsoft Office.lnk backup = C: \ Windows \ pss \ Microsoft Office.lnkCommon avvio [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ servizi] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program Files \ \ Veoh Networks \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Dati applicazioni \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Italian \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Indice dell ' "Operazioni pianificate' cartella 2009/06/13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009/06/25 c: \ windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- ------- Supplementari Scan . uStart Page = hxxp: / / google.com / IE: Aggiungi ai Blocco Banner - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser per Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-25 19:11 5/1/2600 Windows Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . --------------------- --------------------- LOCKED chiavi di registro [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, ff, 66,8 f, 81, d1, 34, d2, D9, c8, 28,51, af, b0, 29, a3, 98, A9, C3, a8, 8 bis, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, dc, e4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, a8, 42, 2f, c4, 6, 9 quater, d6, 61, AF, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, DA, CE, 7e, 55,20, c9, 26, EB, A7, df, 4d, 25, c2, 62,83,25, DA, CE, 7e, 55,20, c9, 26, a3, F2, 65, ed, 80,3 e, e4, f6, ff, 7c, 85, e0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, a1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, AE, CE, 4f, e7, 8d, 86,8 c, 21,01, da, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, b9, A6, 33,6 c, cd, 91, d7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, b9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, c8, 7e, 4a, d5, 24,8 d, 3 bis, 49, c4, b0, 18, ed, A7, 3f, 8d, 37, A4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, d4, 0b, f3, 53, bc, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, c6, 98,79, 54,2 c, fb, A7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 uno, f1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, AB, d5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: f6, 0f, 4e, 58, 98,5 b, 89, c9, 6 bis, bis, f8, c4, 82, 1 bis, 7f, d8, 51, FA, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, EB, 90, 81, c6, f6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, ce, e bis, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, b9, 6b, c6, a2, 44,8 d, 59, A6, f5, 3d, ce, e bis, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, cc, b5, b9, 7f, 41, e7, 5d, 45,06,19,5 e, 30,20, e6, e3, 0e, 66, d5, ter, quater, 2f, 6b, e1, 69,31, AC, dd, ba, 7f, 02,2 a, b7, cc, b5, b9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: f bis, bis, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8 bis, cf, 52,73, FA, EA, 66,7 f, d4, 3b, 6b, 70,30,24, e bis, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \-h € | YYYY ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Sotto i processi in esecuzione --------------------- - - - - - - -> 'Winlogon.exe' (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> 'Explorer.exe' (212) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Altri processi in esecuzione ----------------------- -- . C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ micros ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ CTxfispi.exe c: \ windows \ system32 \ wscntfy.exe . ************************************************** ************************ . Completamento orario: 2009-06-25 19:14 - macchina è stato riavviato ComboFix-quarantena-files.txt 2009-06-25 23:14 ComboFix2.txt 2009-06-24 23:29 ComboFix3.txt 2008-05-20 17:05 Pre-Run: 67819319296 bytes libero Post-Run: 67883995136 bytes libero Corrente di default = 3 = 3 = 1 Impossibile LastKnownGood Imposta = 4 = 1,2,3,4 310 --- EOF --- 2009-06-11 03:03 |
|
#9
25. Giugno 2009, 18:13
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! Scusa ho trascurato qualcosa. Elimina i file / cartelle, come segue: 1. Vai a Inizio > Correre > Tipo Notepad.exe e fare clic su OK per aprire il Blocco note. Esso dovere essere il Blocco note, non Wordpad. 2. Copia il testo nella casella qui sotto il codice evidenziando tutto il testo e premendo Ctrl + C Codice: Killall:: RegLock:: [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373FB-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CCD-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654CA-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02ADD-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ UserData \ LocalSystem \ Components \-h € | YYYY ¤ • € | ù • A ~ *] 4. Quindi, fare clic su File > Salvare 5. Nome del file CFScript.txt - Salva il file sul tuo desktop 6. Quindi, trascinare il CFScript (tenere premuto il tasto sinistro del mouse mentre si trascina il file) e rilasciarlo (rilasciare il tasto sinistro del mouse) in ComboFix.exe come potete vedere nella schermata qui sotto. Importante: Eseguire questa attentamente le istruzioni! ComboFix inizierà a eseguire, basta seguire le istruzioni. Dopo il reboot (nel caso in cui si chiede di riavviare), che produrrà un log per voi. Post che log (Combofix.txt) nella prossima risposta. Nota: Non clic ComboFix della finestra, mentre è in esecuzione. Questo può causare il sistema per congelare ---------- Inoltre vorrei sapere come il computer è ora in esecuzione. .
__________________ |
|
#10
26. Giugno 2009, 00:59
| |||
| |||
| Infetti da malware MultiPacked.Multi.Generic! ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00] Running da: c: \ Documents and Settings \ Mouse \ Desktop \ ComboFix.exe Interruttori di comando utilizzati:: C: \ Documents and settings \ Mouse \ Desktop \ CFScript.txt AV: Kaspersky Internet Security * scansione on-access per disabili * (Aggiornato) (2C4D4BC6-0793-4956-A9F9-E252435469C0) FW: Kaspersky Internet Security disabili * * (2C4D4BC6-0793-4956-A9F9-E252435469C0) . Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) )))))))))))))))))))))))))))))))))))))))) . c: \ windows \ system32 \ drivers \ kl1.sys . ((((((((((((((((((((((((( I file creati dal 2009/05/26 al 2009/06/26 ))))))))))) )))))))))))))))))))) . 2009-06-24 23:28. 2009-06-24 23:28 -------- dc ---- w-c: \ windows \ system32 \ dllcache \ cache 2009-06-23 18:47. 2009-06-24 16:37 117760 ---- aw-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ SUPERAntiSpyware.com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-06-17 17:58. 2009-06-17 18:10 d -------- ----- w-C: \ Program Files \ LSoft Tecnologie 2009-06-13 16:32. 2009-06-13 16:32 d -------- ----- w-C: \ Program Files \ iPod 2009-06-13 16:32. 2009-06-13 16:32 d -------- ----- w-C: \ Program Files \ iTunes 2009-06-13 16:28. 2009-06-13 16:29 d -------- ----- w-C: \ Program Files \ QuickTime 2009-06-13 16:23. 2009-06-13 16:23 75048 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Apple Computer \ Installer Cache \ iTunes 8.2.0.23 \ SetupAdmin.exe 2009-06-10 23:14. 2001-08-18 02:36 462848-c - aw-c: \ windows \ system32 \ dllcache \ a3dapi.dll 2009-06-10 23:14. 2001-08-18 02:36 462848 ---- aw-c: \ windows \ system32 \ a3dapi.dll 2009-06-10 23:13. 2009-06-11 07:20 d -------- ----- w-C: \ Descent3 2009-06-10 23:13. 2009-06-10 23:13 d -------- ----- w-C: \ Giochi 2009-06-10 20:13. 2009-05-07 15:32 345600-c ---- w-c: \ windows \ system32 \ dllcache \ Localspl.dll 2009-06-10 20:13. 2009-04-15 14:51 585216-c ---- w-c: \ windows \ system32 \ dllcache \ Rpcrt4.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-06-26 07:54. 2008-05-16 03:35 d -------- ----- w-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab 2009-06-26 07:52. 2008-05-16 03:35 761888 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.dat 2009-06-26 07:52. 2008-05-16 03:35 64388 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.idx 2009-06-26 07:52. 2008-05-16 03:35 4571424 - sha-w-c: \ windows \ system32 \ drivers \ fidbox.dat 2009-06-26 07:52. 2008-05-16 03:35 29696 - sha-w-c: \ windows \ system32 \ drivers \ fidbox2.idx 2009-06-25 23:24. 2008-01-29 22:29 33808 ---- aw-c: \ windows \ system32 \ drivers \ klbg.sys 2009-06-25 23:24. 2008-05-16 03:36 94643 ---- aw-c: \ windows \ system32 \ drivers \ klick.dat 2009-06-25 23:24. 2008-05-16 03:36 105395 ---- aw-c: \ windows \ system32 \ drivers \ klin.dat 2009-06-25 23:24. 2009-02-05 00:58 33808 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab \ AVP8 \ Dati \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ klbg.sys 2009-06-25 23:24. 2008-07-17 23:08 213520 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab \ AVP8 \ Dati \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ XP \ klif.sys 2009-06-25 23:24. 2008-07-17 23:08 861448 ---- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab \ AVP8 \ Dati \ Updater \ Temporary Files \ temporaryFolder \ AutoPatches \ kav8exec \ 8.0.0.3 57 \ updater.dll 2009-06-24 21:09. 2008-05-17 00:25 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ LimeWire 2009-06-24 16:37. 2008-05-19 02:02 d -------- ----- w-C: \ Program Files \ SUPERAntiSpyware 2009-06-23 19:00. 2008-10-16 02:40 d -------- ----- w-C: \ Program Files \ Pando Networks 2009-06-23 18:59. 2008-11-29 18:36 d -------- ----- w-C: \ Program Files \ palmOne 2009-06-21 23:00. 2009-02-09 03:50 138184 ---- aw-c: \ windows \ system32 \ drivers \ PnkBstrK.sys 2009-06-21 23:00. 2009-02-09 03:50 183112 ---- aw-c: \ windows \ system32 \ PnkBstrB.exe 2009-06-18 22:35. 2008-06-17 15:40 d -------- ----- w-C: \ Program Files \ Diablo II 2009-06-18 22:31. 2008-06-02 00:09 -------- d --- aw-c: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP 2009-06-17 22:51. 2008-05-15 04:41 d -------- ----- w-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ uTorrent 2009-06-13 16:32. 2008-08-19 04:10 d -------- ----- w-C: \ Program Files \ Common Files \ Apple 2009-05-17 20:58. 2009-05-17 20:58 d -------- ----- w-C: \ Program Files \ LG Electronics 2009-05-17 20:58. 2008-05-12 09:20 -------- d - h - w-C: \ Program Files \ InstallShield Installation Information 2009-05-17 20:57. 2008-05-12 09:20 d -------- ----- w-C: \ Program Files \ Common Files \ InstallShield 2009-05-07 15:32. 2003-03-31 12:00 345600 ---- aw-c: \ windows \ system32 \ Localspl.dll 2009-04-29 04:46. 2003-03-31 12:00 666624 ---- aw-c: \ windows \ system32 \ wininet.dll 2009-04-29 04:46. 2008-05-16 21:18 81920 ------ w-c: \ windows \ system32 \ ieencode.dll 2009-04-28 10:48. 2008-05-17 00:24 d -------- ----- w-C: \ Program Files \ Java 2009-04-28 10:47. 2009-04-28 10:47 152576 ---- aw-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ domenica \ Java \ jre1.6.0_13 \ lzma.dll 2009-04-17 12:26. 2003-03-31 12:00 1847168 ---- aw-c: \ windows \ system32 \ win32k.sys 2009-04-15 14:51. 2003-03-31 12:00 585216 ---- aw-c: \ windows \ system32 \ Rpcrt4.dll 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ MapleStory.exe1_B5F7ED63E4D54BE694F0 F06A2CCC5374.exe 2009-04-08 06:13. 2009-04-08 06:13 45056 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ MapleStory.exe_B5F7ED63E4D54BE694F0F 06A2CCC5374_1.exe 2009-04-08 06:13. 2009-04-08 06:13 10134 ---- ar-c: \ Documents and Settings \ Mouse \ Dati applicazioni \ Microsoft \ Installer \ (B5F7ED63-4BE6-E4D5-94F0-F06A2CCC5374) \ ARPPRODUCTICON.exe 2009-04-05 23:39. 2008-05-16 02:24 23032 ---- aw-c: \ Documents and Settings \ Mouse \ Impostazioni locali \ Dati applicazioni \ GDIPFONTCACHEV1.DAT 2009-04-05 23:27. 2009-04-05 23:28 5433520 ---- aw-c: \ windows \ system32 \ SpoonUninstall.exe . ((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))) ))))))))))))))))))))))))))))) . + 2008-03-26 00:07. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys - 2007-12-13 17:28. 2008-03-26 00:07 24592 c: \ windows \ system32 \ drivers \ klim5.sys + 2009-06-24 23:28. 2008-10-16 19:09 51224 c: \ windows \ system32 \ dllcache \ cache \ Wuauclt.exe + 2009-06-24 23:28. 2008-04-14 00:12 82432 c: \ windows \ system32 \ dllcache \ cache \ ws2_32.dll + 2009-06-24 23:28. 2008-04-14 00:12 26112 c: \ windows \ system32 \ dllcache \ cache \ userinit.exe + 2009-06-24 23:28. 2008-04-14 00:12 14336 c: \ windows \ system32 \ dllcache \ cache \ svchost.exe + 2009-06-24 23:28. 2008-04-14 00:12 57856 c: \ windows \ system32 \ dllcache \ cache \ spoolsv.exe + 2009-06-24 23:28. 2008-04-14 00:12 17408 c: \ windows \ system32 \ dllcache \ cache \ powrprof.dll + 2009-06-24 23:28. 2008-04-14 00:12 13312 c: \ windows \ system32 \ dllcache \ cache \ lsass.exe + 2009-06-24 23:28. 2008-04-13 18:39 24576 c: \ windows \ system32 \ dllcache \ cache \ Kbdclass.sys + 2009-06-24 23:28. 2008-04-13 18:53 36608 c: \ windows \ system32 \ dllcache \ cache \ ip6fw.sys + 2009-06-24 23:28. 2008-04-14 00:12 15360 c: \ windows \ system32 \ dllcache \ cache \ ctfmon.exe - 2008-04-18 17:53. 2009-02-05 00:58 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2008-04-18 17:53. 2009-06-25 23:24 213520 c: \ windows \ system32 \ drivers \ klif.sys + 2009-06-24 23:28. 2008-04-14 00:12 507904 c: \ windows \ system32 \ dllcache \ cache \ winlogon.exe + 2009-06-24 23:28. 2009-04-29 04:46 666624 c: \ windows \ system32 \ dllcache \ cache \ wininet.dll + 2009-06-24 23:28. 2008-04-14 00:12 578560 c: \ windows \ system32 \ dllcache \ cache \ user32.dll + 2009-06-24 23:28. 2008-04-14 00:12 295424 c: \ windows \ system32 \ dllcache \ cache \ Termsrv.dll + 2009-06-24 23:28. 2008-06-20 11:51 361600 c: \ windows \ system32 \ dllcache \ cache \ tcpip.sys + 2009-06-24 23:28. 2009-02-06 11:11 110592 c: \ windows \ system32 \ dllcache \ cache \ services.exe + 2009-06-24 23:28. 2008-04-13 19:20 182656 c: \ windows \ system32 \ dllcache \ cache \ ndis.sys + 2009-06-24 23:28. 2009-03-21 14:06 989696 c: \ windows \ system32 \ dllcache \ cache \ kernel32.dll + 2009-06-24 23:28. 2008-04-14 00:11 110080 c: \ windows \ system32 \ dllcache \ cache \ imm32.dll + 2009-06-24 23:28. 2008-04-14 00:11 167936 c: \ windows \ system32 \ dllcache \ cache \ appmgmts.dll + 2009-06-24 23:28. 2008-04-14 00:12 1614848 C: \ Windows \ system32 \ dllcache \ cache \ sfcfiles.dll + 2009-06-24 23:28. 2009-02-06 11:06 2145280 C: \ Windows \ system32 \ dllcache \ cache \ ntoskrnl.exe + 2009-06-24 23:28. 2009-02-06 10:32 2023936 C: \ Windows \ system32 \ dllcache \ cache \ ntkrnlpa.exe + 2009-06-24 23:28. 2008-04-14 00:12 1033728 C: \ Windows \ system32 \ dllcache \ cache \ explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Nota * vuoto voci & legit default voci non vengono visualizzate REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ctfmon.exe" = "c: \ windows \ system32 \ ctfmon.exe" [2008-04-14 15360] "H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2008-05-03 13529088] "CTDVDDET" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ DVDAudio \ CTDVDDET.EXE" [2003-06-18 45056] "RCSystem" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "AudioDrvEmulator" = "C: \ Program Files \ Creative \ Shared Files \ Module Loader \ DLLML.exe" [2005-11-04 49152] "VolPanel" = "C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Volume Panel \ VolPanlu.exe" [2006-07-28 122880] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2008-05-03 86016] "AVP" = "C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ avp.exe" [2009-02-05 201992] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-05-26 413696] "AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2009-05-14 177472] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-06-05 292136] "CTHelper" = "CTHELPER.EXE" - c: \ windows \ system32 \ CtHelper.exe [2008-02-21 19456] "CTxfiHlp" = "CTXFIHLP.EXE" - c: \ windows \ system32 \ Ctxfihlp.exe [2008-02-21 19968] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2009-01-01 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] 2009-01-01 04:29 356352 ---- aw-C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ Wdf01000.sys] @ = "Driver" [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio Adobe Gamma Loader.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Adobe Gamma Loader.lnk backup = C: \ Windows \ pss \ Adobe Gamma Loader.lnkCommon avvio [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio HOTSYNCSHORTCUTNAME.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ HOTSYNCSHORTCUTNAME.lnk backup = C: \ Windows \ pss \ n HOTSYNCSHORTCUTNAME.lnkCommo avvio [HKLM \ ~ \ startupfolder \ C: ^ Documents and Settings ^ All Users ^ Menu Avvio ^ Programmi ^ ^ avvio Microsoft Office.lnk] path = C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Esecuzione automatica \ Microsoft Office.lnk backup = C: \ Windows \ pss \ Microsoft Office.lnkCommon avvio [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Shared Tools \ msconfig \ servizi] "StyleXPService" = 2 (0x2) "PLFlash DeviceIoControl Service" = 2 (0x2) "NMIndexingService" = 3 (0x3) "Nero BackItUp Scheduler 3" = 2 (0x2) "MDM" = 2 (0x2) "ZuneNetworkSvc" = 3 (0x3) "WMPNetworkSvc" = 3 (0x3) "npkcmsvc" = 2 (0x2) "JavaQuickStarterService" = 2 (0x2) "IDriverT" = 3 (0x3) "iPod Service" = 3 (0x3) "idsvc" = 3 (0x3) "Adobe LM Service" = 3 (0x3) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center] "AntiVirusOverride" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ KasperskyAntiVirus] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile] "EnableFirewall" = 0 (0x0) [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List] "% windir% \ \ system32 \ \ sessmgr.exe" = "c: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" = "c: \ \ Program Files \ \ Veoh Networks \ Veoh \ \ VeohClient.exe" = "c: \ \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "c: \ \ Program Files \ \ Sierra \ \ FEAR \ \ FEAR.exe" = "c: \ \ Program Files \ \ Xfire \ \ xfire.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx9.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Dx10.exe" = "c: \ \ Program Files \ \ Ubisoft \ \ Assassin's Creed \ \ AssassinsCreed_Launcher.exe" = "c: \ \ Documents and Settings \ \ All Users \ \ Dati applicazioni \ \ Kaspersky Lab Setup Files \ \ Kaspersky Internet Security 2009 \ \ Italian \ \ setup.exe" = "C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager "C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "c: \ \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" = "c: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "c: \ \ Program Files \ \ AIM6 \ \ aim6.exe" = "c: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" = "c: \ \ Program Files \ \ iTunes \ \ iTunes.exe" = [HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List] "6112: TCP" = 6112: TCP: Diablo 2 "26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service "58398: TCP" = 58398: TCP: Pando Media Booster "58398: UDP" = 58398: UDP: Pando Media Booster R0 klbg; Kaspersky Lab Boot Guard Driver; c: \ windows \ system32 \ drivers \ klbg.sys [1/29/2008 6:29 PM 33808] R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ SASDIFSV.SYS [2/29/2008 4:03 PM 9968] R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [2/29/2008 4:03 PM 55024] R1 UGURU; UGURU; c: \ windows \ system32 \ drivers \ uGuru.sys [5/12/2008 5:23 AM 14592] R3 KLFLTDEV; Kaspersky Lab KLFltDev; c: \ windows \ system32 \ drivers \ klfltdev.sys [3/13/2008 7:02 PM 26640] R3 klim5; Kaspersky Anti-Virus NDIS Filter; c: \ windows \ system32 \ drivers \ klim5.sys [3/25/2008 8:07 PM 24592] S2 Cubase32; Cubase32; c: \ windows \ system32 \ drivers \ Cuba se32.sys [4/5/2009 7:02 PM 11808] S3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [2/16/2006 4:51 PM 4096] . Indice dell ' "Operazioni pianificate' cartella 2009/06/13 c: \ windows \ Tasks \ AppleSoftwareUpdate.job - C: \ Program Files \ Apple Software Update \ SoftwareUpdate.exe [2008-07-30 17:34] 2009/06/26 c: \ windows \ Tasks \ Malwarebytes' Anti-Malware.job - C: \ progra ~ 1 \ MALWAR ~ 1 \ mbam.exe [2008-05-19 00:52] . . ------- ------- Supplementari Scan . uStart Page = hxxp: / / google.com / IE: Aggiungi ai Blocco Banner - C: \ Program Files \ Kaspersky Lab \ Kaspersky Internet Security 2009 \ ie_banner_deny.htm IE: E & sporta in Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000 DPF: Microsoft XML Parser per Java - file: / / c: \ windows \ Java \ Classes \ xmldso.cab DPF: (463ED66E-431b-11D2-ADB0-0080C83DA4EB) - hxxps: / / w3s.webmoney.ru/WMAcceptor.dll FF - ProfilePath -- . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-26 03:54 5/1/2600 Windows Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... scansione di file nascosti ... scansione completata con successo i file nascosti: 0 ************************************************** ************************ . --------------------- --------------------- LOCKED chiavi di registro [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (47629D4 B-2AD3-4e50-B716-A66C15C63153) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "cd042efbbd7f7af1647644e76e06692b" = hex: 2e, E8, e1, 00, EB, 16,2 b, de, ff, 66,8 f, 81, d1, 34, d2, D9, c8, 28,51, af, b0, 29, a3, 98, A9, C3, a8, 8 bis, 5e, d3, 39,87, e2, 63,26, f1, 3f, C8, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (604BB98 A-A94F-4a5c-A67C-D8D3582C741C) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "bca643cdc5c2726b20d2ecedcc62c59b" = hex: 71,3 b, 04,66, 8b, 46,0 d, 96, C2, C2, dc, e4, A8, 65,45,2 e, 71,3 b, 04,66,8 b, 46,0 d, 96,21,7 c, aa, e9, a8, 42, 2f, c4, 6, 9 quater, d6, 61, AF, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (684373F B-9CD8-4e47-B990-5A4466C16034) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2c81e34222e8052573023a60d06dd016" = hex: 25, DA, CE, 7e, 55,20, c9, 26, EB, A7, df, 4d, 25, c2, 62,83,25, DA, CE, 7e, 55,20, c9, 26, a3, F2, 65, ed, 80,3 e, e4, f6, ff, 7c, 85, e0, 43, d4, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (74554CC D-F60F-4708-AD98-D0152D08C8B9) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "2582ae41fb52324423be06337561aa48" = hex: 3e, 1e, 9e, e0, 57,5 a, 93,61, f2, a1, b4, 61,82, bb, ab, d5, 3e, 1e, 9e, e0, 57,5 a, 93,61,6 f, 0e, 5c, AE, CE, 4f, e7, 8d, 86,8 c, 21,01, da, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, cd, b9, A6, 33,6 c, cd, 91, d7, 7a, 29,97, C7, 40,4 b, cd, 44, cd, b9, A6, 33,6 c, cd, 49,19,95,11,6 f, ac, 43,68, f5, 1d, 4d, 73, a8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, cf, c8, 7e, 4a, d5, 24,8 d, 3 bis, 49, c4, b0, 18, ed, A7, 3f, 8d, 37, A4, 29, b5, 53,9 a, d3, 4a, 02,51, df, 20,58,62,78,6 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, e1, ba, b1, f8, 68,02,09, d4, 0b, f3, 53, bc, 62,26,31,77, e1, ba, b1, f8, 68,02,77, c3, de, c6, 98,79, 54,2 c, fb, A7, 78, e6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 a, 48, fc, E8, 04,4 uno, f1, df, 00, d5, 43, ff, f8, 0f, f3, 83,6 c, 56,8 b, a0, 85,96, AB, d5, 19,39,90, DA, 30, 2a, 05,01,3 a, 48, fc, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: f6, 0f, 4e, 58, 98,5 b, 89, c9, 6 bis, bis, f8, c4, 82, 1 bis, 7f, d8, 51, FA, 6e, 91,28,9 e, 14, cc, 82, ac, 7a, 83, EB, 90, 81, c6, f6, 0f, 4e, 58,98,5 b, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, ce, e bis, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 a, c9, 90,04, b1, cd, 45,5 a, a8, c4, f8, b9, 6b, c6, a2, 44,8 d, 59, A6, f5, 3d, ce, e bis, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2a, b7, cc, b5, b9, 7f, 41, e7, 5d, 45,06,19,5 e, 30,20, e6, e3, 0e, 66, d5, ter, quater, 2f, 6b, e1, 69,31, AC, dd, ba, 7f, 02,2 a, b7, cc, b5, b9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "c: \ \ WINDOWS \ \ system32 \ \ Ole32.dll" "8a8aec57dd6508a385616fbc86791ec2" = hex: f bis, bis, 66,7 f, d4, 3b, 6b, 70, a5, 97,0 a, 6e, 8 bis, cf, 52,73, FA, EA, 66,7 f, d4, 3b, 6b, 70,30,24, e bis, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, AA, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ UserData \ LocalSystem \ Componen ts \-h € | YYYY ¤ • € | ù • A ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Sotto i processi in esecuzione --------------------- - - - - - - -> 'Winlogon.exe' (672) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> 'Explorer.exe' (288) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Altri processi in esecuzione ----------------------- -- . C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Entertainment Center \ EAXLoadr.exe c: \ progra ~ 1 \ micros ~ 4 \ rapimgr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Completamento orario: 2009-06-26 3:57 - macchina è stato riavviato ComboFix-quarantena-files.txt 2009-06-26 07:57 ComboFix2.txt 2009-06-25 23:14 ComboFix3.txt 2009-06-24 23:29 ComboFix4.txt 2008-05-20 17:05 Pre-Run: 67824807936 bytes libero Post-Run: 67888648192 bytes libero Corrente di default = 3 = 3 = 1 Impossibile LastKnownGood Imposta = 4 = 1,2,3,4 311 --- EOF --- 2009-06-11 03:03 |
