#1

I recently downloaded a theme application. After installation, Kaspersky raised an alert saying the computer is infected with the malware MultiPacked.Multi.Generic. Kaspersky stopped it working and my Windows theme is gone; I'm left with Windows Classic. Help please!
#2

Try to get me whichever of the logs you can from here: http://www.computer-juice.com/forums...-posting-7476/
#3

Looks like there was a forum glitch. Please post these DDS logs.

Download DDS from Here or Here or Here and save it to your desktop.

* Vista users: right-click on DDS and select Run as administrator (you will get a UAC prompt, please allow it).
* XP users: double-click on DDS to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished, DDS will open two (2) logs: 1) DDS.txt 2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment. Please just post it as you would any other log, by copying and pasting it into your reply.
#4

DDS (Ver_09-05-14.01) - NTFSx86
Run by Mouse at 16:53:23.36 on Wed 06/24/2009
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1294 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\Windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.exe
C:\Windows\system32\CTHELPER.EXE
C:\Windows\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\CTXFISPI.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\nvsvc32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Creative\Sound Blaster X-Fi\Center\EAXLoadr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Documents and Settings\Mouse\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
mRun: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
mRun: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
mRun: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
mRun: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://portal.apogentech.com/vdesk/terminal/InstallerControl.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} - hxxps://portal.apogentech.com/vdesk/terminal/f5InspectionHost.cab#version=6030,2008,0904,1939
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} - hxxps://portal.apogentech.com/policy/download_binary.php/win32/f5syschk.cab#Version=6030,2008,0904,1947
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2007-10-31 112144]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2008-4-18 213520]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2008-2-29 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2008-5-12 14592]
R2 avp;Kaspersky Internet Security;C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r --> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -r [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2008-12-7 24652]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2006-2-16 4096]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-2-29 9968]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009-4-5 11808]
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;c:\windows\system32\drivers\IlvMoney1215.sys [2008-8-21 30080]

=============== Created Last 30 ================

2009-06-17 13:58 <DIR> --d----- C:\Program Files\LSoft Technologies
2009-06-13 12:32 <DIR> --d----- C:\Program Files\iPod
2009-06-13 12:32 <DIR> --d----- C:\Program Files\iTunes

==================== Find3M ====================

============= FINISH: 16:54:12.42 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 2:38:20 PM
System Uptime: 6/24/2009 12:33:35 PM (4 hours ago)

Motherboard: http://www.abit.com.tw/ | | IP35 PRO (P35+ICH9R)
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 775 | 3024/216mhz

==== Disk Partitions =========================

R: is Removable
C: is FIXED (NTFS) - 128 GiB total, 60.146 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 60.479 GiB free.
E: is CDROM (CDFS)
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 245 GiB total, 138.326 GiB free.
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #3
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&00F0
Service: RTL8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP

==== System Restore Points ===================

RP202: 3/26/2009 6:14:01 PM - System Checkpoint
RP203: 3/27/2009 9:06:08 PM - System Checkpoint
RP204: 3/30/2009 12:43:20 PM - System Checkpoint
RP205: 4/1/2009 5:11:23 PM - System Checkpoint
RP206: 4/3/2009 3:31:49 PM - System Checkpoint
RP207: 4/6/2009 11:30:33 - System Checkpoint
RP208: 4/8/2009 1:48:55 AM - Removed MapleStory GL.
RP209: 4/8/2009 1:49:05 AM - Installed MapleStory.
RP210: 4/8/2009 2:00:33 AM - Removed MapleStory.
RP211: 4/8/2009 2:12:11 AM - Installed MapleStory.
RP212: 4/9/2009 1:53:58 PM - System Checkpoint
RP213: 4/11/2009 6:22:36 AM - System Checkpoint
RP214: 4/14/2009 11:18:28 AM - System Checkpoint
RP215: 4/15/2009 5:50:23 PM - Software Distribution Service 3.0
RP216: 4/18/2009 1:32:37 AM - System Checkpoint
RP217: 4/21/2009 2:37:36 PM - System Checkpoint
RP218: 4/22/2009 5:07:27 PM - System Checkpoint
RP219: 4/24/2009 2:41:28 PM - System Checkpoint
RP220: 4/25/2009 10:07:27 PM - System Checkpoint
RP221: 4/28/2009 6:48:10 AM - Installed Java(TM) 6 Update 13
RP222: 5/2/2009 7:23:06 PM - System Checkpoint
RP223: 5/3/2009 11:36:18 PM - System Checkpoint
RP224: 5/5/2009 2:29:10 - System Checkpoint
RP225: 5/6/2009 8:29:33 PM - System Checkpoint
RP226: 5/7/2009 3:00:17 AM - Software Distribution Service 3.0
RP227: 5/7/2009 11:16:03 - Installed Windows XP WgaNotify.
RP228: 5/9/2009 11:12:42 - System Checkpoint
RP229: 5/10/2009 5:10:12 PM - System Checkpoint
RP230: 5/11/2009 9:02:07 PM - System Checkpoint
RP231: 5/13/2009 12:26:07 AM - Software Distribution Service 3.0
RP232: 5/14/2009 2:28:00 PM - Removed ZU-ONLINE
RP233: 5/15/2009 2:47:49 PM - System Checkpoint
RP234: 5/17/2009 1:28:31 AM - System Checkpoint
RP235: 5/17/2009 4:58:00 PM - Installed LG USB Modem driver
RP236: 5/19/2009 11:34:48 AM - System Checkpoint
RP237: 5/20/2009 12:47:48 PM - System Checkpoint
RP238: 5/23/2009 10:08:08 AM - System Checkpoint
RP239: 6/1/2009 10:03:10 - System Checkpoint
RP240: 6/2/2009 10:03:30 - System Checkpoint
RP241: 6/3/2009 11:47:56 - System Checkpoint
RP242: 6/5/2009 11:10:53 PM - System Checkpoint
RP243: 6/7/2009 2:46:24 PM - System Checkpoint
RP244: 6/9/2009 11:32:41 - System Checkpoint
RP245: 6/10/2009 5:52:30 PM - System Checkpoint
RP246: 6/10/2009 11:00:09 PM - Software Distribution Service 3.0
RP247: 6/12/2009 12:14:34 PM - System Checkpoint
RP248: 6/13/2009 1:12:33 PM - System Checkpoint
RP249: 6/14/2009 9:20:14 PM - System Checkpoint
RP250: 6/15/2009 9:53:46 PM - System Checkpoint
RP251: 6/17/2009 12:27:01 AM - System Checkpoint
RP252: 6/21/2009 7:28:06 PM - System Checkpoint
RP253: 6/22/2009 8:08:50 PM - System Checkpoint
RP254: 6/23/2009 2:54:41 PM - Removed Garmin City Navigator North America NT 2009 Update
RP255: 6/23/2009 2:58:20 PM - Removed palmOne
RP256: 6/24/2009 3:58:18 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================
#5

Download ComboFix © by sUBs from one of the links below. Make sure you save it to your Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop. DO NOT run it yet!

Note: The instructions below were created specifically for this user. If you are not this user, do NOT follow these directions, as they could damage the workings of your system.

Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It MUST be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C

Code:
    Killall::

    DDS::
    uInternet Settings,ProxyOverride = *.local
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    IE: {FB5F1910-F110-11D2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll

    Driver::
    Viewpoint Manager Service

    Folder::
    C:\Program Files\Viewpoint

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below.

Important: Perform this instruction carefully!

[screenshot]

ComboFix will begin to run; follow the prompts. After rebooting the system (if it asks you to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
#6

ComboFix 09-06-23.01 - Mouse 06/24/2009 17:18.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1452 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Viewpoint
C:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004
C:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003
c:\windows\system32\drivers\kl1.sys
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
C:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\Desktop.ini
C:\recycler\S-1-5-21-1957994488-1801674531-1177238915-1004\INFO2
C:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\Desktop.ini
C:\recycler\S-1-5-21-789336058-2025429265-1644491937-1003\INFO2
c:\windows\emMON.exe
c:\windows\system32\Codecs\7zAES.dll
c:\windows\system32\Codecs\AES.dll
c:\windows\system32\Codecs\Branch.dll
c:\windows\system32\Codecs\BZip2.dll
c:\windows\system32\Codecs\Copy.dll
c:\windows\system32\Codecs\Deflate.dll
c:\windows\system32\Codecs\LZMA.dll
c:\windows\system32\Codecs\PPMd.dll
c:\windows\system32\Codecs\Rar29.dll
c:\windows\system32\Codecs\Swap.dll
c:\windows\system32\drivers\ctoss2k.sys
c:\windows\system32\Formats\7z.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_IlvMoneyDRIVER53
-------\Service_Viewpoint Manager Service
-------\Legacy_ossrv
-------\Service_ossrv

((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-06-24 )))))))))))))))))))))))))))))))
.

2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- C:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- C:\Program Files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 23:25 . 2008-05-16 03:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-24 21:26 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-24 21:26 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-24 21:26 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-24 21:26 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- C:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- C:\Program Files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- C:\Program Files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- C:\Program Files\Common Files\Apple
2009-05-20 16:16 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-20 16:16 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- C:\Program Files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- C:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-26 01:13 . 2009-04-26 00:43 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\Move Networks
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- C:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%WINDIR%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%WINDIR%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 1:28 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 4096]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-24 C:\windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard

.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ce,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,ce,7e,55,20,c9,26,a3,f2,65,ed,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5a,
93,61,6 f, 0e, 5c, ae, CE, 4f, E7, 8d, 86,8 c, 21,01, fi, 91, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (7EB537F 9-A916-4339-B91B-DED8E83632C0) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472" = hex: cd, 44, CD, B9, A6, 33,6 c, CD-uri, 91, D7, 7a, 29,97, C7, 40,4 b, CD-uri, 44, CD, B9, A6, 33,6 c, CD, 49,19,95,11,6 f, AC, 43,68, F5, 1d, 4d, 73, A8, 13, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (948395E 8-7A56-4fb1-843B-3E52D94DB145) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d" = hex: df, 20,58,62, 78,6 b, a se vedea, C8, 7e, 4a, D5, 24,8 d, 3a, 49, C4, B0, 18, ed, A7, 3f, 8d, 37, A4, 29, B5, 53,9 A, D3, 4a, 02,51, df, 20,58,62,78,6 B, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (AC3ED30 B-6F1A-4bfc-A4F6-2EBDCCD34C19) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b" = hex: 31,77, E1, ba, B1, F8, 68,02,09, D4, 0b, f3, 53, bc, 62,26,31,77, E1, ba, B1, F8, 68,02,77, C3, DE, C6, 98,79, 54,2 c, fb, A7, 78, E6, 12,2 f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (DE5654C A-EB84-4df9-915B-37E957082D6D) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d" = hex: 01,3 A, 48, FC, E8, 04,4 A, F1, df, 00, D5, 43, FF, F8, 0f, f3, 83,6 c, 56,8 b, A0, 85,96, AB, D5, 19,39,90, da, 30, 2a, 05,01,3 A, 48, FC, E8, 04, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (E39C35E 8-7488-4926-92B2-2F94619AC1A5) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3" = hex: F6, 0f, 4e, 58, 98,5 B, 89, C9, 6a, / buc, F8, C4, 82, 1a, 7f, D8, 51, fa, 6e, 91,28,9 E, 14, cc, 82, AC, 7a, 83, EB, 90, 81, C6, F6, 0f, 4e, 58,98,5 B, \ 
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (EACAFCE 5-B0E2-4288-8073-C02FF9619B6F) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b" = hex: 3d, CE, / buc, 26, 2d, 45, aa, 78,0 b, ba, 41,78,8 A, c9, 90,04, B1, CD-uri, 45,5 A, A8, C4, F8, B9, 6b, C6, A2, 44,8 d, 59, A6, F5, 3d, CE, / buc, 26,2 d, 45, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (F8F02AD D-7366-4186-9488-C21CB8B3DCEC) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6" = hex: 2A, b7, cc, B5, B9, 7f, 41, E7, 5d, 45,06,19,5 e, 30,20, E6, E3, 0e, 66, D5, EB, BC, 2f, 6b, E1, 69,31, AC, dd, ba, 7f, 02,2 A, b7, cc, B5, B9, 7f, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ (FEE45DE 2-A467-4bf9-BF2D-1411304BCD84) \ InprocServer32 *] "ThreadingModel" = "Apartment" @ = "C: \ \ WINDOWS \ \ system32 \ \ OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2" = hex: fa, / buc, 66,7 f, D4, 3b, 6b, 70, A5, 97,0 A, 6e, 8a, CF, 52,73, fa, / buc, 66,7 f, D4, 3b, 6b, 70,30,24, / buc, 79, A1, 7b, 08,64,6 c, 43,2 d, 1e, aa, 22, \ [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Installer \ userdata \ LocalSystem \ Componen TS \ h-€ | aaaa ¤ • € | U • Un ~ *] "AB141C35E9F4BF344B9FC010BB17F68A" = "" . --------------------- DLLs Loaded Sub Running Processes --------------------- - - - - - - -> "Winlogon.exe" (1028) C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.DLL c: \ windows \ system32 \ klogon.dll - - - - - - -> "Explorer.exe" (3748) c: \ windows \ system32 \ WPDShServiceObj.dll c: \ windows \ system32 \ PortableDeviceTypes.dll c: \ windows \ system32 \ PortableDeviceApi.dll . ------------------------ Other Running Processes ----------------------- -- . 
C: \ Program Files \ Creative \ Shared Files \ CTAudSvc.exe C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe C: \ Program Files \ Bonjour \ mDNSResponder.exe c: \ windows \ system32 \ nvsvc32.exe c: \ windows \ system32 \ PnkBstrA.exe c: \ windows \ system32 \ rundll32.exe c: \ progra ~ 1 \ milionimi ~ 4 \ rapimgr.exe C: \ Program Files \ Creative \ Sound Blaster X-Fi \ Centru \ EAXLoadr.exe C: \ Program Files \ iPod \ bin \ iPodService.exe c: \ windows \ system32 \ wscntfy.exe c: \ windows \ system32 \ CTxfispi.exe . ************************************************** ************************ . Completion time: 2009-06-24 19:29 - masina a fost repornită ComboFix-carantină-files.txt 2009-06-24 23:29 ComboFix2.txt 2008-05-20 17:05 Pre-Run: 65511231488 bytes liber Post-Run: 67799437312 bytes liber WindowsXP-KB310994-SP2-Pro-boot-ENU.exe [boot loader] timeout = 2 default = multi (0) disk (0) rdisk (1) partition (1) \ WINDOW S [sisteme de operare] C: \ cmdcons \ BOOTSECT.DAT = "Microsoft Windows Recovery Console" / cmdcons multi (0) disk (0) rdisk (1) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / noexecute = OptIn / fastdetect multi (0) disk (0) rdisk (0) partition (1) \ WINDOWS = "Micro soft Windows XP Professional" / fastdetect / noexecute = OptIn Current = 3 default = 3 Eşuare = 1 LastKnownGood = 4 seturi = 1,2,3,4 335 --- EOF --- 2009-06-11 03:03 |
#7
Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.

2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl+C

Code:
Killall::

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|aaaa¤•€|U•Un~*]

4. Then click File > Save

5. Name the file CFScript.txt - Save the file to your Desktop

6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the picture below.

Important: Perform this instruction carefully!

ComboFix will begin to run; follow the prompts. After the system reboots (if it asks you to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Also, let me know how the computer is running now.
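The post above builds its CFScript by hand from the "Locked registry keys" section of the ComboFix log. The script below is an added example by the editor, not a tool posted in this thread or shipped with ComboFix: it pulls those keys out of a log and emits the same Killall::/RegLock:: layout, and it flags the Security Center and Windows Firewall settings visible in the posted logs (AntiVirusOverride=1, DisableMonitoring=1, EnableFirewall=0, P2P clients in the firewall's AuthorizedApplications list). The sample log is constructed to mirror the format of the logs above; the CLSID values are copied from them and the hex data is truncated. The section header names and the regular expressions are assumptions about ComboFix's text layout.

```python
"""Triage a ComboFix log: extract locked registry keys into a CFScript
and flag weakened Security Center / Windows Firewall settings.

Added example for this thread (editor's code, not ComboFix's). Header
names and value formats are assumptions based on the logs posted above.
"""
import re

# Constructed sample in ComboFix's registry-export style (backslashes are
# doubled inside quoted paths; sections are separated by dashed headers).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
c:\windows\system32\klogon.dll
"""

# A ComboFix section header: dashes, title, dashes.
HEADER_RE = re.compile(r"^-{3,}\s+(.+?)\s+-{3,}\s*$")
# A registry key line such as [HKEY_LOCAL_MACHINE\...\InprocServer32*]
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]\s*$", re.M)


def section(log: str, title: str) -> str:
    """Return the text under the dashed header `title`, up to the next header."""
    lines = log.splitlines()
    start = None
    for i, line in enumerate(lines):
        m = HEADER_RE.match(line)
        if m and start is None and m.group(1).lower() == title.lower():
            start = i + 1
        elif m and start is not None:
            return "\n".join(lines[start:i])
    return "\n".join(lines[start:]) if start is not None else ""


def locked_keys(log: str) -> list:
    """Registry keys ComboFix reported as locked (without the surrounding brackets)."""
    return KEY_RE.findall(section(log, "LOCKED REGISTRY KEYS"))


def build_cfscript(keys) -> str:
    """Killall:: stops running programs first; RegLock:: lists the keys to unlock."""
    body = "\n".join(f"[{k}]" for k in keys)
    return "Killall::\n\nRegLock::\n" + body + "\n"


# Settings worth a second look. None proves infection on its own: a third-party
# suite such as Kaspersky registers with Security Center and turns Windows
# Firewall off by design, so read these together with the AV/FW header lines.
WEAK_SETTINGS = (
    (r'"AntiVirusOverride"\s*=\s*dword:0*1\b',
     "Security Center AV alerts overridden (AntiVirusOverride=1)"),
    (r'"DisableMonitoring"\s*=\s*dword:0*1\b',
     "Security Center monitoring of an AV product disabled (DisableMonitoring=1)"),
    (r'"EnableFirewall"\s*=\s*0\b',
     "Windows Firewall standard profile disabled (EnableFirewall=0)"),
)
P2P_CLIENTS = ("utorrent", "limewire", "veoh", "pando")


def authorized_apps(log: str) -> list:
    """Paths allowed through Windows Firewall (the AuthorizedApplications\\List key)."""
    apps, inside = [], False
    for line in log.splitlines():
        if line.startswith("["):
            inside = line.lower().endswith("authorizedapplications\\list]")
            continue
        m = re.match(r'^"([^"]+)"\s*=', line) if inside else None
        if m:
            apps.append(m.group(1).replace("\\\\", "\\"))  # undo export-style doubling
    return apps


def flag_weak_settings(log: str) -> list:
    """Human-readable findings for the settings above plus any P2P firewall exceptions."""
    findings = [msg for pat, msg in WEAK_SETTINGS if re.search(pat, log, re.I)]
    for app in authorized_apps(log):
        if any(p in app.lower() for p in P2P_CLIENTS):
            findings.append(f"P2P client allowed through Windows Firewall: {app}")
    return findings


if __name__ == "__main__":
    print(build_cfscript(locked_keys(SAMPLE_LOG)))
    for finding in flag_weak_settings(SAMPLE_LOG):
        print("*", finding)
```

Run it against a real Combofix.txt by reading the file into `log` in place of SAMPLE_LOG. The output is a starting point for review, not a script to drop onto ComboFix unread: the helper in this thread chose which locked keys to list, and the Security Center flags should be weighed against the AV/FW lines at the top of the log before anyone concludes that the settings were tampered with.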
#8
ComboFix 09-06-23.01 - Mouse 06/25/2009 19:04.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1597 [GMT -4:00]
Running from: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command switches used :: c:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kl1.sys

.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-24 23:28 . 2009-06-24 23:28 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 18:47 . 2009-06-24 16:37 117760 ----a-w- C:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 -------- d-----w- C:\Program Files\LSoft Technologies
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 -------- d-----w- C:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 -------- d-----w- C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ----a-w- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ----a-w- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 -------- d-----w- C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 -------- d-----w- C:\Games
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c----w- c:\windows\system32\dllcache\Rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:11 . 2008-05-16 03:35 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-25 23:09 . 2008-05-16 03:35 761888 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-25 23:09 . 2008-05-16 03:35 64388 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-25 23:09 . 2008-05-16 03:35 4571424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-25 23:09 . 2008-05-16 03:35 29696 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-24 23:59 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-24 23:59 . 2009-02-05 00:58 33808 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-24 23:59 . 2008-05-16 03:36 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-24 23:59 . 2008-05-16 03:36 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-24 23:59 . 2008-07-17 23:08 213520 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-24 23:59 . 2008-07-17 23:08 861448 ----a-w- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-24 21:09 . 2008-05-17 00:25 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 -------- d-----w- C:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 -------- d-----w- C:\Program Files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 -------- d-----w- C:\Program Files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 -------- d-----w- C:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 -------- d-----w- C:\Program Files\Common Files\Apple
2009-05-17 20:58 . 2009-05-17 20:58 -------- d-----w- C:\Program Files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 -------- d--h--c- C:\Program Files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ----a-w- c:\windows\system32\Wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 -------- d-----w- C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ----a-w- C:\Documents and Settings\Mouse\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ----a-w- c:\windows\system32\Win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ----a-w- c:\windows\system32\Rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ----a-r- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ----a-w- C:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07 . 2008-03-26 00:07 24592 C:\windows\system32\drivers\klim5.sys
- 2007-12-13 17:28 . 2008-03-26 00:07 24592 C:\windows\system32\drivers\klim5.sys
+ 2009-06-24 23:28 . 2008-10-16 19:09 51224 C:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 82432 C:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 26112 C:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 14336 C:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 57856 C:\windows\system32\dllcache\cache\Spoolsv.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 17408 C:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 13312 C:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 23:28 . 2008-04-13 18:39 24576 C:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-24 23:28 . 2008-04-13 18:53 36608 C:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 15360 C:\windows\system32\dllcache\cache\Ctfmon.exe
- 2008-04-18 17:53 . 2009-02-05 00:58 213520 C:\windows\system32\drivers\klif.sys
+ 2008-04-18 17:53 . 2009-06-24 23:59 213520 C:\windows\system32\drivers\klif.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 507904 C:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 23:28 . 2009-04-29 04:46 666624 C:\windows\system32\dllcache\cache\Wininet.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 578560 C:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 295424 C:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-24 23:28 . 2008-06-20 11:51 361600 C:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-24 23:28 . 2009-02-06 11:11 110592 C:\windows\system32\dllcache\cache\services.exe
+ 2009-06-24 23:28 . 2008-04-13 19:20 182656 C:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 23:28 . 2009-03-21 14:06 989696 C:\windows\system32\dllcache\cache\Kernel32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 110080 C:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 167936 C:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 1614848 C:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-24 23:28 . 2009-02-06 11:06 2145280 C:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 23:28 . 2009-02-06 10:32 2023936 C:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 1033728 C:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="c:\windows\system32\Ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2009-01-01 04:29 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%WINDIR%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%WINDIR%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5/12/2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\windows\system32\drivers\klim5.sys [3/25/2008 8:07 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-06-13 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-25 C:\windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\Classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,ff,66,8f,81,d1,34,d2,d9,c8,28,51,af,b0,29,a3,98,a9,c3,a8,8a,5e,d3,39,87,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,c2,c2,dc,e4,a8,65,45,2e,71,3b,04,66,8b,46,0d,96,21,7c,aa,e9,a8,42,2f,c4,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ce,7e,55,20,c9,26,eb,a7,df,4d,25,c2,62,83,25,da,ce,7e,55,20,c9,26,a3,f2,65,ed,80,3e,e4,f6,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,f2,a1,b4,61,82,bb,ab,d5,3e,1e,9e,e0,57,5a,93,61,6f,0e,5c,ae,ce,4f,e7,8d,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,91,d7,7a,29,97,c7,40,4b,cd,44,cd,b9,a6,33,6c,cd,49,19,95,11,6f,ac,43,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,7e,4a,d5,24,8d,3a,49,c4,b0,18,ed,a7,3f,8d,37,a4,29,b5,53,9a,d3,4a,02,51,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,09,d4,0b,f3,53,bc,62,26,31,77,e1,ba,b1,f8,68,02,77,c3,de,c6,98,79,54,2c,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,df,00,d5,43,ff,f8,0f,f3,83,6c,56,8b,a0,85,96,ab,d5,19,39,90,da,30,2a,05,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,6a,/buc,f8,c4,82,1a,7f,d8,51,fa,6e,91,28,9e,14,cc,82,ac,7a,83,eb,90,81,c6,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,/buc,26,2d,45,aa,78,0b,ba,41,78,8a,c9,90,04,b1,cd,45,5a,a8,c4,f8,b9,6b,c6,a2,44,8d,59,a6,f5,3d,ce,/buc,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,5d,45,06,19,5e,30,20,e6,e3,0e,66,d5,eb,bc,2f,6b,e1,69,31,ac,dd,ba,7f,02,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,/buc,66,7f,d4,3b,6b,70,a5,97,0a,6e,8a,cf,52,73,fa,/buc,66,7f,d4,3b,6b,70,30,24,/buc,79,a1,7b,08,64,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h-€|aaaa¤•€|U•Un~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1028)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(212)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Center\EAXLoadr.exe
c:\progra~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-25 19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 23:14
ComboFix2.txt 2009-06-24 23:29
ComboFix3.txt 2008-05-20 17:05

Pre-Run: 67819319296 bytes free
Post-Run: 67883995136 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
310 --- EOF --- 2009-06-11 03:03
|
#9
| |||
| |||
Sorry, I missed something. Delete these files/folders as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl + C

Code:
```
Killall::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\userdata\LocalSystem\Components\h-€ | aaaa ¤ • € | U • Un ~*]
```

4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your desktop
6. Then drag CFScript (hold down the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe, as you can see in the picture below.

Important: Perform this instruction carefully!

![]()

ComboFix will begin to run; follow the prompts. After a reboot (if it asks you to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Also, let me know how the computer is running now.
|
#10
| |||
| |||
ComboFix 09-06-23.01 - Mouse 06/26/2009 3:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1564 [GMT -4:00]
Rularea de la: C:\Documents and Settings\Mouse\Desktop\ComboFix.exe
Command comutatoare utilizat:: c:\Documents and Settings\Mouse\Desktop\CFScript.txt
AV: Kaspersky Internet Security *acces on-scanare cu handicap* (Actualizat) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *cu handicap* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((((((( Alte ştergerile ))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\kl1.sys
.
((((((((((((((((((((((((( Fişierele create de 2009-05-26 la 2009-06-26 )))))))))))))))))))))))))))))))
.
2009-06-24 23:28 . 2009-06-24 23:28 dc -------- ---- W- c:\windows\system32\dllcache\cache
2009-06-23 18:47 . 2009-06-24 16:37 117760 ---- AW- C:\Documents and Settings\Mouse\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-17 17:58 . 2009-06-17 18:10 ----- -------- d-w C:\Program Files\LSoft Tehnologii
2009-06-13 16:32 . 2009-06-13 16:32 ----- -------- d-w C:\Program Files\iPod
2009-06-13 16:32 . 2009-06-13 16:32 ----- -------- d-w C:\Program Files\iTunes
2009-06-13 16:28 . 2009-06-13 16:29 ----- -------- d-w C:\Program Files\QuickTime
2009-06-13 16:23 . 2009-06-13 16:23 75048 ---- AW- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-10 23:14 . 2001-08-18 02:36 462848 -C - AW- c:\windows\system32\dllcache\a3dapi.dll
2009-06-10 23:14 . 2001-08-18 02:36 462848 ---- AW- c:\windows\system32\a3dapi.dll
2009-06-10 23:13 . 2009-06-11 07:20 ----- -------- d-w C:\Descent3
2009-06-10 23:13 . 2009-06-10 23:13 ----- -------- d-w C:\Jocuri
2009-06-10 20:13 . 2009-05-07 15:32 345600 -c ---- W- c:\windows\system32\dllcache\localspl.dll
2009-06-10 20:13 . 2009-04-15 14:51 585216 -c ---- W- c:\windows\system32\dllcache\Rpcrt4.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 07:54 . 2008-05-16 03:35 ----- -------- d-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-26 07:52 . 2008-05-16 03:35 761888 - SHA-m- c:\windows\system32\drivers\fidbox2.dat
2009-06-26 07:52 . 2008-05-16 03:35 64388 - SHA-m- c:\windows\system32\drivers\fidbox.idx
2009-06-26 07:52 . 2008-05-16 03:35 4571424 - SHA-m- c:\windows\system32\drivers\fidbox.dat
2009-06-26 07:52 . 2008-05-16 03:35 29696 - SHA-m- c:\windows\system32\drivers\fidbox2.idx
2009-06-25 23:24 . 2008-01-29 22:29 33808 ---- AW- c:\windows\system32\drivers\klbg.sys
2009-06-25 23:24 . 2008-05-16 03:36 94643 ---- AW- c:\windows\system32\drivers\klick.dat
2009-06-25 23:24 . 2008-05-16 03:36 105395 ---- AW- c:\windows\system32\drivers\klin.dat
2009-06-25 23:24 . 2009-02-05 00:58 33808 ---- AW- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\temporare Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-25 23:24 . 2008-07-17 23:08 213520 ---- AW- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\temporare Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-25 23:24 . 2008-07-17 23:08 861448 ---- AW- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\temporare Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\updater.dll
2009-06-24 21:09 . 2008-05-17 00:25 ----- -------- d-w C:\Documents and Settings\Mouse\Application Data\LimeWire
2009-06-24 16:37 . 2008-05-19 02:02 ----- -------- d-w C:\Program Files\SUPERAntiSpyware
2009-06-23 19:00 . 2008-10-16 02:40 ----- -------- d-w C:\Program Files\Pando Networks
2009-06-23 18:59 . 2008-11-29 18:36 ----- -------- d-w C:\Program Files\palmOne
2009-06-21 23:00 . 2009-02-09 03:50 138184 ---- AW- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-21 23:00 . 2009-02-09 03:50 183112 ---- AW- c:\windows\system32\PnkBstrB.exe
2009-06-18 22:35 . 2008-06-17 15:40 ----- -------- d-w C:\Program Files\Diablo II
2009-06-18 22:31 . 2008-06-02 00:09 -------- d --- AW- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-17 22:51 . 2008-05-15 04:41 ----- -------- d-w C:\Documents and Settings\Mouse\Application Data\uTorrent
2009-06-13 16:32 . 2008-08-19 04:10 ----- -------- d-w C:\Program Files\Common Files\Apple
2009-05-17 20:58 . 2009-05-17 20:58 ----- -------- d-w C:\Program Files\LG Electronics
2009-05-17 20:58 . 2008-05-12 09:20 -------- d - h - C- C:\Program Files\InstallShield Installation Information
2009-05-17 20:57 . 2008-05-12 09:20 ----- -------- d-w C:\Program Files\Common Files\InstallShield
2009-05-07 15:32 . 2003-03-31 12:00 345600 ---- AW- c:\windows\system32\localspl.dll
2009-04-29 04:46 . 2003-03-31 12:00 666624 ---- AW- c:\windows\system32\Wininet.dll
2009-04-29 04:46 . 2008-05-16 21:18 81920 ------ m- c:\windows\system32\ieencode.dll
2009-04-28 10:48 . 2008-05-17 00:24 ----- -------- d-w C:\Program Files\Java
2009-04-28 10:47 . 2009-04-28 10:47 152576 ---- AW- C:\Documents and Settings\Mouse\Application Data\duminică\Java\jre1.6.0_13\lzma.dll
2009-04-17 12:26 . 2003-03-31 12:00 1847168 ---- AW- c:\windows\system32\Win32k.sys
2009-04-15 14:51 . 2003-03-31 12:00 585216 ---- AW- c:\windows\system32\Rpcrt4.dll
2009-04-08 06:13 . 2009-04-08 06:13 45056 ---- AR- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe1_B5F7ED63E4D54BE694F0F06A2CCC5374.exe
2009-04-08 06:13 . 2009-04-08 06:13 45056 ---- AR- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\MapleStory.exe_B5F7ED63E4D54BE694F0F06A2CCC5374_1.exe
2009-04-08 06:13 . 2009-04-08 06:13 10134 ---- AR- C:\Documents and Settings\Mouse\Application Data\Microsoft\Installer\{B5F7ED63-E4D5-4BE6-94F0-F06A2CCC5374}\ARPPRODUCTICON.exe
2009-04-05 23:39 . 2008-05-16 02:24 23032 ---- AW- C:\Documents and Settings\Mouse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-05 23:27 . 2009-04-05 23:28 5433520 ---- AW- c:\windows\system32\SpoonUninstall.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-06-24_23.25.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-26 00:07 . 2008-03-26 00:07 24592 C:\windows\system32\drivers\klim5.sys
- 2007-12-13 17:28 . 2008-03-26 00:07 24592 C:\windows\system32\drivers\klim5.sys
+ 2009-06-24 23:28 . 2008-10-16 19:09 51224 C:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 82432 C:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 26112 C:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 14336 C:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 57856 C:\windows\system32\dllcache\cache\Spoolsv.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 17408 C:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 13312 C:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-24 23:28 . 2008-04-13 18:39 24576 C:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-24 23:28 . 2008-04-13 18:53 36608 C:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 15360 C:\windows\system32\dllcache\cache\Ctfmon.exe
- 2008-04-18 17:53 . 2009-02-05 00:58 213520 C:\windows\system32\drivers\klif.sys
+ 2008-04-18 17:53 . 2009-06-25 23:24 213520 C:\windows\system32\drivers\klif.sys
+ 2009-06-24 23:28 . 2008-04-14 00:12 507904 C:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-24 23:28 . 2009-04-29 04:46 666624 C:\windows\system32\dllcache\cache\Wininet.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 578560 C:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 295424 C:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-24 23:28 . 2008-06-20 11:51 361600 C:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-24 23:28 . 2009-02-06 11:11 110592 C:\windows\system32\dllcache\cache\services.exe
+ 2009-06-24 23:28 . 2008-04-13 19:20 182656 C:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-24 23:28 . 2009-03-21 14:06 989696 C:\windows\system32\dllcache\cache\Kernel32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 110080 C:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-24 23:28 . 2008-04-14 00:11 167936 C:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-24 23:28 . 2008-04-14 00:12 1614848 C:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-24 23:28 . 2009-02-06 11:06 2145280 C:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-24 23:28 . 2009-02-06 10:32 2023936 C:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-24 23:28 . 2008-04-14 00:12 1033728 C:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ctfmon.exe"="c:\windows\system32\Ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Modulul Loader\DLLML.exe" [2005-11-04 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Modulul Loader\DLLML.exe" [2005-11-04 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volumul Panel\VolPanlu.exe" [2006-07-28 122880]
"NvMediaCenter"="c:\windows\system32\NvMcTray.Dll" [2008-05-03 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 201992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-02-21 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-02-21 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2009-01-01 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\notifice\!SASWinLogon]
2009-01-01 04:29 356352 ---- AW- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Toate Utilizatorii^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Toate Utilizatorii^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=c:\windows\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Toate Utilizatorii^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\servicii]
"StyleXPService"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MDM"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"npkcmsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IDriverT"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitorizarea\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile]
"EnableFirewall"=0 (0x0)

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\AuthorizedApplications\Lista]
"%WINDIR%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Sierra\\Frica\\FEAR.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Ubisoft\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\engleză\\setup.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%WINDIR%\\Reţeaua de diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\standardprofile\GloballyOpenPorts\Lista]
"6112:TCP"= 6112:TCP:Diablo 2
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58398:TCP"= 58398:TCP:Pando Media Booster
"58398:UDP"= 58398:UDP:Pando Media Booster

R0 klbg;Kaspersky Lab Boot Garda Driver;c:\windows\system32\drivers\klbg.sys [1.29.2008 6:29 33808]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2.29.2008 4:03 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2.29.2008 4:03 55024]
R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [5.12.2008 5:23 14592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3.13.2008 7:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\windows\system32\drivers\klim5.sys [3.25.2008 8:07 24592]
S2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [4/5/2009 7:02 PM 11808]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2.16.2006 4:51 4096]
.
Cuprins de la "Activităţi programate" dosar

2009-06-13 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-26 C:\windows\Tasks\Malwarebytes' Anti-Malware.job
- C:\progra~1\MALWAR~1\mbam.exe [2008-05-19 00:52]
.
.
------- Suplimentare Scan -------
.
uStart Page = hxxp://google.com/
IE: Adauga la Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xportaţi la Microsoft Excel - c:\progra~1\milionimi~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser pentru Java - file://c:\windows\Java\Classes\xmldso.cab
DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} - hxxps://w3s.webmoney.ru/WMAcceptor.dll
FF - ProfilePath -
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 03:54
Windows 5.1.2600 Service Pack 3 NTFS

scanare ascuns procese ...
scanare ascuns autostart intrări ...
scanare fişiere ascunse ...
scanare sa finalizat cu succes
fişiere ascunse: 0

**************************************************************************
.
--------------------- Blocat chei din registri ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="C:\\WINDOWS\\system32\\OLE32.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\userdata\LocalSystem\Components\h-€ | aaaa ¤ • € | U • Un ~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Sub Running Processes ---------------------

- - - - - - - > "Winlogon.exe"(672)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\klogon.dll

- - - - - - - > "Explorer.exe"(288)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Centru\EAXLoadr.exe
c:\progra~1\milionimi~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CTxfispi.exe
.
**************************************************************************
.
Completion time: 2009-06-26 3:57 - masina a fost repornită
ComboFix-carantină-files.txt 2009-06-26 07:57
ComboFix2.txt 2009-06-25 23:14
ComboFix3.txt 2009-06-24 23:29
ComboFix4.txt 2008-05-20 17:05

Pre-Run: 67824807936 bytes liber
Post-Run: 67888648192 bytes liber

Current=3 default=3 Eşuare=1 LastKnownGood=4 seturi=1,2,3,4
311 --- EOF --- 2009-06-11 03:03