Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Scansione con Kaspersky Disk Rescue

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Scansione con Kaspersky Disk Rescue

Messaggioda killick » ven mar 26, 2010 11:07 am

Ciao

Oggi ho fatto una scansione con Kaspersky Disk Rescue e ha trovato due virus:
- Trojan Dropper. Win32.Wlord.aka
- Trojan Dropper. Win32.Binder.aef

Li ha cancellati, ma vorrei sapere se devo intervenire manualmente per togliere qualche residuo oppure posso considerare il pc pulito.
Inoltre, se possibile, conoscere la natura di questi virus.
Grazie
Aldo
Avatar utente
killick
Senior Member
Senior Member
 
Messaggi: 200
Iscritto il: mar nov 18, 2008 6:21 pm
Località: Guidonia- Città dell'aria

Re: Scansione con Kaspersky Disk Rescue

Messaggioda stevens » ven mar 26, 2010 12:34 pm

ciao

fai questo controllo>>>> scarica combofix sul desktop
- disconnetiti da internet
- disattiva l'antivirus
- esegui ComboFix.exe
- digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm

Re: Scansione con Kaspersky Disk Rescue

Messaggioda killick » ven mar 26, 2010 3:48 pm

Ciao
Scusa il ritardo
ecco il log di Combofix / ho dovuto comprimerlo perché con estensione .txt non l'accettava

ComboFix 10-03-25.09 - Administrator 26/03/2010 15.46.57.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1641 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\Download Internet\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

c:\documents and settings\Administrator\Documenti\copia registro.reg
c:\windows\system32\vbzlib1.dll

((((((((((((((((((((((((( Files Creati Da 2010-02-26 al 2010-03-26 )))))))))))))))))))))))))))))))))))
2010-03-23 16:01 . 2010-03-23 16:04 -------- d-----w- c:\documents and settings\Administrator\.scribus
2010-03-20 11:09 . 2010-03-20 11:09 -------- d-----w- c:\programmi\AnyBizSoft
2010-03-19 16:35 . 2010-03-21 08:13 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Thunderbird
2010-03-19 16:35 . 2010-03-19 16:35 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Thunderbird
2010-03-19 16:35 . 2010-03-21 08:13 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-03-18 16:44 . 2010-03-18 17:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-18 16:44 . 2010-03-18 16:46 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-16 14:25 . 2010-03-26 14:43 -------- d-----w- c:\programmi\PeerBlock
2010-03-15 16:49 . 2010-03-15 16:49 398336 ----a-w- c:\windows\system32\CF24357.exe
2010-03-14 10:00 . 2010-03-14 10:00 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\dvdcss
2010-03-14 09:12 . 2010-03-14 09:12 -------- d-----w- C:\Program Files
2010-03-14 08:21 . 2010-03-14 08:21 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-13 11:11 . 2010-03-13 11:11 -------- d-sh--w- c:\documents and settings\All Users\DRM
2010-03-13 10:39 . 2010-03-13 10:51 -------- d-----w- c:\programmi\TeraCopy
2010-03-10 17:39 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 15:06 . 2010-03-08 15:06 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-03-07 18:39 . 2010-03-12 09:43 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Movienizer
2010-03-07 16:48 . 2010-03-07 16:48 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\vdownloader
2010-03-07 10:40 . 2010-03-15 10:45 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Google
2010-03-05 14:34 . 2010-03-05 14:34 -------- d-----w- c:\programmi\DVD Identifier
2010-03-05 13:53 . 2010-03-05 13:53 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\uTorrent
2010-03-05 09:16 . 2010-03-05 09:16 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-02-25 10:31 . 2010-02-25 10:32 -------- d-----w- c:\programmi\Disable Startup

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 14:53 . 2009-10-14 07:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2010-03-26 10:39 . 2009-09-10 05:59 -------- d-----w- c:\programmi\CCleaner
2010-03-24 10:26 . 2010-02-14 18:33 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\vlc
2010-03-24 10:17 . 2010-01-10 07:38 117760 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-23 16:34 . 2009-10-14 15:49 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\TeraCopy
2010-03-23 16:22 . 2009-10-14 07:02 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-03-22 16:03 . 2009-10-14 07:58 -------- d-----w- c:\programmi\Smart CD Catalog PRO
2010-03-20 21:49 . 2009-09-10 06:48 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2010-03-20 10:53 . 2009-11-25 10:45 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\RFA_Backups
2010-03-20 09:52 . 2010-03-20 09:52 721904 ----a-w- c:\windows\system32\drivers\SPTD.SYS.TMP
2010-03-20 09:52 . 2010-03-20 09:52 32420 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2010-02-22 18:15 . 2010-02-22 18:15 8145584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB17\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\Firefox Setup 3.6.exe
2010-02-22 15:52 . 2010-02-22 15:52 461632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB13\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\GetSystemInfo(2).exe
2010-02-22 15:11 . 2010-02-22 15:25 182944 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1040.dat
2010-02-22 14:37 . 2010-02-22 14:37 2544640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB10\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\SysInspector(2).exe
2010-02-22 14:36 . 2010-02-22 14:36 2544640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB10\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\SysInspector.exe
2010-02-22 10:45 . 2010-02-22 10:44 44063760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\Sandbox\KLSB8\Device\HarddiskVolume1\Documents and Settings\Administrator\Desktop\Download Internet\ashampoo_photo_commander_7_7.31_sm.exe
2010-02-19 15:10 . 2009-10-14 08:22 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Winamp
2010-02-19 08:43 . 2009-10-19 10:14 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-02-16 09:39 . 2010-02-16 09:39 -------- d-----w- c:\programmi\Lavalys
2010-02-16 09:11 . 2009-11-25 10:03 -------- d-----w- c:\programmi\KeePass Password Safe
2010-02-16 09:06 . 2010-02-16 09:06 -------- d-----w- c:\programmi\File comuni\Java
2010-02-16 09:05 . 2010-02-16 09:05 503808 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b26c4e7-n\msvcp71.dll
2010-02-16 09:05 . 2010-02-16 09:05 499712 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b26c4e7-n\jmc.dll
2010-02-16 09:05 . 2010-02-16 09:05 348160 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7b26c4e7-n\msvcr71.dll
2010-02-16 09:05 . 2010-02-16 09:05 61440 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2352b303-n\decora-sse.dll
2010-02-16 09:05 . 2010-02-16 09:05 12800 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2352b303-n\decora-d3d.dll
2010-02-16 09:05 . 2009-09-10 06:21 -------- d-----w- c:\programmi\Java
2010-02-16 09:04 . 2009-10-20 13:51 -------- d-----w- c:\programmi\Paint.NET
2010-02-16 08:59 . 2009-10-19 10:13 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-16 08:58 . 2010-02-16 08:58 5115824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 08:36 . 2010-02-16 08:34 -------- d-----w- c:\programmi\NVIDIA Corporation
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\programmi\AGEIA Technologies
2010-02-16 08:35 . 2010-02-16 08:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2010-02-15 10:50 . 2009-09-10 06:58 -------- d-----w- c:\programmi\Foxit Software
2010-02-15 10:43 . 2010-02-15 10:43 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\Foxit Software
2010-02-14 17:24 . 2010-02-14 17:24 -------- d-----w- c:\programmi\Dnote Software
2010-02-04 10:46 . 2010-02-04 09:56 22328 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys
2010-02-04 10:46 . 2010-02-04 09:56 22328 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\PnkBstrK.sys
2010-02-04 10:43 . 2009-10-14 17:29 -------- d-----w- c:\programmi\Ubisoft
2010-02-04 09:01 . 2010-02-17 16:08 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-17 16:08 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-17 16:08 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-17 16:08 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-02-03 17:47 . 2010-02-02 18:30 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Skype
2010-02-01 17:49 . 2010-02-01 17:49 -------- d-----w- c:\programmi\OO Software
2010-02-01 17:23 . 2009-11-16 08:32 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\U3
2010-02-01 11:15 . 2010-02-01 11:15 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\aignes
2010-02-01 11:09 . 2010-02-01 11:09 -------- d-----w- c:\programmi\AM-DeadLink
2010-01-31 09:30 . 2010-01-31 09:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CanonCP
2010-01-30 11:41 . 2009-11-01 11:23 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2010-01-28 09:30 . 2009-10-14 08:22 -------- d-----w- c:\programmi\Winamp
2010-01-25 15:00 . 2010-01-25 14:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Skype
2010-01-18 09:46 . 2004-08-19 12:00 80382 ------w- c:\windows\system32\perfc010.dat
2010-01-18 09:46 . 2004-08-19 12:00 482022 ------w- c:\windows\system32\perfh010.dat
2010-01-11 21:17 . 2010-01-11 21:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-10 07:38 . 2010-01-10 07:38 52224 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-09 09:32 . 2010-01-09 09:32 5936 ----a-w- c:\documents and settings\Administrator\mqdmwhnt.sys
2010-01-09 09:32 . 2010-01-09 09:32 79328 ----a-w- c:\documents and settings\Administrator\mqdmserd.sys
2010-01-09 09:32 . 2010-01-09 09:32 92064 ----a-w- c:\documents and settings\Administrator\mqdmmdm.sys
2010-01-09 09:32 . 2010-01-09 09:32 9232 ----a-w- c:\documents and settings\Administrator\mqdmmdfl.sys
2010-01-09 09:32 . 2010-01-09 09:32 66656 ----a-w- c:\documents and settings\Administrator\mqdmbus.sys
2010-01-09 09:32 . 2010-01-09 09:32 6208 ----a-w- c:\documents and settings\Administrator\mqdmcmnt.sys
2010-01-09 09:32 . 2010-01-09 09:32 4048 ----a-w- c:\documents and settings\Administrator\mqdmcr.sys
2010-01-09 09:32 . 2010-01-09 09:32 25600 ----a-w- c:\documents and settings\Administrator\usbsermptxp.sys
2010-01-09 09:32 . 2010-01-09 09:32 22768 ----a-w- c:\documents and settings\Administrator\usbsermpt.sys
2010-01-08 05:22 . 2010-01-08 05:22 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-01-08 05:22 . 2010-01-08 05:22 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-01-08 05:22 . 2010-01-08 05:22 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-01-08 05:22 . 2010-01-08 05:22 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-01-08 05:22 . 2010-01-08 05:22 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-01-08 05:22 . 2010-01-08 05:22 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-08 05:22 . 2010-01-08 05:22 397328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-08 05:22 . 2010-01-08 05:22 315408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-08 05:22 . 2010-01-08 05:22 19472 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-08 05:22 . 2010-01-08 05:22 109072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-08 05:21 . 2010-01-08 05:21 397328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-01-08 05:21 . 2010-01-08 05:21 17936 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-01-08 05:21 . 2010-01-08 05:21 109072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-01-08 05:21 . 2010-01-08 05:21 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-08 05:21 . 2010-01-08 05:21 315408 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-01-08 05:15 . 2010-01-08 05:15 95259 ------w- c:\windows\system32\drivers\klick.dat
2010-01-08 05:15 . 2010-01-08 05:15 108059 ------w- c:\windows\system32\drivers\klin.dat
2010-01-07 15:07 . 2009-10-19 10:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-10-19 10:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2004-08-19 12:00 353792 ------w- c:\windows\system32\drivers\srv.sys
.

------- Sigcheck -------

[-] 2009-12-21 . 07D26189C25F030F7828B7F669170FD6 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SUPERAntiSpyware"="c:\programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]
"PeerBlock"="c:\programmi\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2010-03-25 278528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Avvio^Programmi^Esecuzione automatica^STasks 1.9.lnk]
backup=c:\windows\pss\STasks 1.9.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NeroFilterCheck"=c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"Easy-PrintToolBox"=c:\programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Programmi\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 21.18.34 36880]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [20/05/2008 8.32.40 15328]
R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [14/10/2009 8.48.12 15172]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/10/2009 11.16.34 721904]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [11/11/2009 8.53.20 45312]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 7.56.04 12872]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 66632]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [25/11/2009 16.46.11 116560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [25/11/2009 16.43.52 41424]
R2 viritsvclite;VirIT eXplorer Lite;c:\vexplite\VIRITSVC.EXE [27/11/2009 15.10.32 69632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 14.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 19.39.44 19472]
R3 pbfilter;pbfilter;c:\programmi\PeerBlock\pbfilter.sys [16/03/2010 15.25.16 14424]
R3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 12872]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [09/09/2009 0.02.27 1086208]
S2 gupdate;Servizio di Google Update (gupdate); [x]
S3 esihdrv;esihdrv; [x]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys --> c:\windows\system32\DRIVERS\nbdrv.sys [?]
S3 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [17/11/2009 12.49.51 220128]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - PBFILTER
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-26 c:\windows\Tasks\CCleaner.job
- c:\programmi\CCleaner\CCleaner.exe [2010-02-24 17:45]

2010-03-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

------- Scansione supplementare -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\myrnmj77.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-DarKite Info Viewer - c:\windows\system32\duninstall.exe \install.log

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 15:52
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spuf.sys >>UNKNOWN [0x8A3F0938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e66cb8
\Driver\atapi -> atapi.sys @ 0xb7dfbb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb7d04bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7cf3a0d
SendHandler -> NDIS.sys @ 0xb7d07b40
user & kernel MBR OK

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-790525478-1383384898-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,65,e2,66,8f,e7,b6,43,a7,f4,ee,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,10,72,1b,20,bb,f7,44,85,9b,fb,\

[HKEY_USERS\S-1-5-21-790525478-1383384898-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:2e,48,76,7d,1b,d6,bb,f9,c2,0f,cf,fd,22,27,c7,bb,4d,c1,98,1e,e3,
43,01,38,af,19,4f,59,d8,40,b8,1a,61,f7,05,6a,f8,ce,be,d1,66,c6,da,94,b8,39,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="E488FB931AF3DDB5BAE45B79BFE4BC91A4FA36C045ED36C1B7F555B2866B6B42D426E7653EABF2C691D2015D30F354B727E71977E1CE188D756D29A8692867F2144D4D8646C7B639F9EE7A274686881C2A1E4B4A8A683AD878C350570877E18E5DEF782EAAF5BB76D5AE07BAF6DE2D6758369CE94BB5CF2757594BDE29A68E964E513B088B7BD71D6D5E68F1D8D5D9F1C42060FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A6A0AC4980AC7933B7EB6111B63DCA632136116DA8F587DAA1B29689E7B89510A099FDB71A30B22995C4F238B6DCA205629E05EECCC81B7D819CB73B984C7C417EC45FCE63DE573B48CFD620BE78C5054A4D7DE782079670575F062E2570C41EEB0A1AEC619F3B23338549B82430753DE730C9065A19E02004068871FEF399C2B32989217ECCF14EAC0099347186C70F415D4FBE9DCAB3FBD43C57D9C78E7B5014891AC25CA65D2F7F7E2B0864E3A5D94D8B0547444C9E7791D221FE57D9BD6B3E34D0E9CF4DB7BBEAE2F46E6C93CE07F695F79BFD32830A71BFA43D3A51093C58D641F3E0C88C6CA2B581E43144D27E20FD49FB2D751AB0239ABAB5AE585870FC449681CB823FBF4D20F02F0B0A98B11CE6ABE8E8F1ECE9C621C9CA2933FAB63A72107802C90237867276D187DB5A12331867AB79E7DA3970B3CF26518A95C5127AFE822750DF58DB1FD99769152515217E5ACE60FC95272A58DD3302ED20D4799A490B932D33AD523D750FA476D938952973A24FB726BD71369A21CA4DE5A1DBB4E94554D9AD43DE07B80A64A1AFF6B4CB3738AA06658EB61BBDE6EEFE07EB96CEEE24AA35D42BED5B281F049F30D5173F3EE68F37822C5E79963AE63BF6F87B92FAE20A0281FCDD3F59A71759395B4800354B4C8001AE43E20417DD9F7D1251CEC4FC9BE55FCE815678C26121FB9248ABDBC46179B6B1B0937BBFB32E368251F395B4BB6B6F4221EDC351DE297F090C878574879FCE54686508377B4C119BAA184B8E7A818775767410FABA879B51FAFB9C432953C73A9FDBC5C4FBC352B17DF6D8D39CF94E90317BC32857B9FE03F0939BDA62D6F50DFE1BE676B1C0909D616C45131B0DC33C73BB5B88CA1E2CB83D00922C8855FCF4236BAF1A4CD4B9BBE07BA91BA152B5A5D58F640E5DF7F7902592A76820D9DA251D3A79462FF68B6D774AB403914A4A7FE175816E8D6F0CAD60469288E5D45DCE731831D0F0FD9A9799A0A9227FD5F97F9890EC240C0FE7B51B351EC7461B262A1EB95AD7DE2A4DA12CEEDC1733BC12DDEAA7EF6CBFC65BD4F49EAB2364E4AC738A78873BF69B62798A463A42A9A733D9C025EA4A41E98C3881E730DF174E3C6A9851E21EEC56E70E015C3F4993"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1228)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\programmi\RocketDock\RocketDock.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
c:\windows\system32\nvsvc32.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
**************************************************************************
Ora fine scansione: 2010-03-26 15:55:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-26 14:55
Pre-Run: 136.003.043.328 byte disponibili
Post-Run: 135.874.490.368 byte disponibili
- - End Of File - - 11EF8F04B51D2D60F6133CDEC03D1E87
Avatar utente
killick
Senior Member
Senior Member
 
Messaggi: 200
Iscritto il: mar nov 18, 2008 6:21 pm
Località: Guidonia- Città dell'aria

Re: Scansione con Kaspersky Disk Rescue

Messaggioda stevens » ven mar 26, 2010 9:33 pm

controlla qui se questo file e' legittimo

c:\windows\system32\CF24357.exe
Avatar utente
stevens
Bronze Member
Bronze Member
 
Messaggi: 678
Iscritto il: mer feb 18, 2009 1:39 pm

Re: Scansione con Kaspersky Disk Rescue

Messaggioda killick » sab mar 27, 2010 11:52 am

L'ho fatto analizzare e solo McAffee GW Edition lo riporta come:
- Heuristics.LookLike.Win32:NewMalware.M

Tutti gli altri lo danno come sicuro.

Inoltre nelle proprietà del file:
- Descrizione: Processore dei comandi di Windows
- Nome file originale: CMD.exe
- Nome interno: cmd
- Nome prodotto: Sistema Operativo Microsoft Windows
Tralascio le altre voci

Inoltre in C/Windows/System32 c'è un altro file con le stesse caratteristiche descritte sopra ma il nome è: cmd.exe e hanno tutti e due la stessa dimensione di 389Kb.
Avatar utente
killick
Senior Member
Senior Member
 
Messaggi: 200
Iscritto il: mar nov 18, 2008 6:21 pm
Località: Guidonia- Città dell'aria


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 17 ospiti

cron
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising