
virus kido

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

virus kido

Post by luke900 » 12/01/10 10:33

Hi everyone. In the last few days Kaspersky detected a virus on my PC, kido.ir and kido.ih, and reported that it had managed to disinfect it, but most likely that is not the case: both on the PC and on the external hard disk there are problems. On the PC it no longer opens archives with WinRAR, and on the external hard disk it no longer transfers files and no longer opens folders. I have already tried a full scan with Kaspersky, with kk.killer, with AntiSpy Professional and with Malwarebytes, also in safe mode; it detected something and I removed it, but the problems on the PC and on the hard disk have not stopped. For the archives I get the message "Unable to access the device"; for the hard disk, "File transfer error", and I can no longer transfer files from the hard disk to the PC or vice versa, nor open its folders. Is there anyone on this forum who has already run into this problem, or who can give me some suggestion? :cry: My main goal is to save the files on the hard disk; the rest I can format entirely.
luke900
Junior Member
Posts: 51
Joined: 30/04/09 12:05


Re: virus kido

Post by gahan » 12/01/10 10:43

Hi, disable System Restore like this:

Right-click on My Computer --> Properties --> System Restore --> tick "Turn off System Restore", press Apply and then confirm by clicking OK.

Then download ComboFix to the desktop from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet,
disable your antivirus and any other antivirus software,
run the ComboFix.exe file,
type 1 to start the program,
follow the instructions without doing anything else (do not install the Recovery Console when asked), and at the end of the scan a log will be generated, which you will find in C:\Combofix.txt.
Post it here on the forum.
words like violence, break the silence
gahan
Moderator
Posts: 1397
Joined: 23/01/08 16:09

Re: virus kido

Post by luke900 » 12/01/10 11:53

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Menu Avvio\Programmi\D-Link AirPlus Access Point \D-Link AirPlus Manager.lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\D-Link AirPlus Access Point \Uninstall .lnk
c:\documents and settings\LIUK\Documenti\i.reg
c:\programmi\AskSearch\bin\DefaultSearch.dll
c:\windows\kb913800.exe

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2009-12-12 bis 2010-01-12 ))))))))))))))))))))))))))))))
.

2010-01-12 10:01 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-11 19:42 . 2010-01-11 19:42 52224 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-11 19:42 . 2010-01-11 19:42 117760 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-11 19:42 . 2010-01-11 19:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-11 18:26 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 16:58 . 2010-01-11 17:06 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\BitDefender Deployment Tool
2010-01-11 16:57 . 2010-01-11 16:57 -------- d-----w- c:\programmi\BitDefender
2010-01-11 16:56 . 2010-01-11 16:56 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-01-10 12:53 . 2010-01-10 12:53 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\Nokia
2010-01-10 12:52 . 2010-01-10 12:52 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\NokiaAccount
2010-01-10 12:05 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-10 12:05 . 2010-01-10 12:05 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-01-10 12:03 . 2010-01-10 12:03 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-01-10 12:03 . 2010-01-10 12:03 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-01-10 12:03 . 2010-01-10 12:03 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-01-10 12:03 . 2010-01-10 12:03 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-01-10 12:02 . 2010-01-10 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-01-10 12:02 . 2010-01-10 12:02 95992424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
2010-01-08 15:44 . 2010-01-08 15:58 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-01-04 22:57 . 2010-01-04 22:58 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-27 19:17 . 2009-12-27 19:17 -------- d-----w- c:\programmi\Ubisoft
2009-12-20 18:15 . 2009-12-20 18:15 -------- d-----w- C:\WESTWOOD
2009-12-19 22:42 . 2006-09-28 14:04 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-12-19 22:42 . 2006-09-28 14:04 1073152 ----a-w- c:\windows\system32\libeay32.dll
2009-12-19 22:42 . 2009-12-20 17:09 -------- d-----w- C:\USDownloader
2009-12-19 13:40 . 2009-12-19 13:40 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-19 13:40 . 2009-12-19 13:40 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-19 13:40 . 2009-12-19 13:40 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-19 13:40 . 2009-12-19 13:40 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-19 13:40 . 2009-12-19 13:40 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:23 . 2009-12-19 13:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 13:23 . 2009-12-19 13:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-19 13:22 . 2010-01-12 10:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-12-19 13:22 . 2009-12-19 13:22 -------- d-----w- c:\programmi\Kaspersky Lab
2009-12-19 13:20 . 2009-12-19 13:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 22:28 . 2009-12-08 16:19 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\vlc
2010-01-11 02:53 . 2009-08-13 12:16 -------- d-----w- c:\programmi\Panda Security
2010-01-11 00:44 . 2009-10-01 19:55 -------- d-----w- c:\programmi\Nokia
2010-01-11 00:43 . 2009-10-01 19:55 -------- d-----w- c:\programmi\File comuni\Nokia
2010-01-11 00:39 . 2006-11-15 11:05 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-10 19:01 . 2009-06-09 16:36 1 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-10 12:53 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Nokia
2010-01-08 15:44 . 2009-01-17 12:56 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-08 15:44 . 2009-01-17 12:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-08 15:44 . 2009-08-15 14:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-29 11:31 . 2008-10-18 16:03 -------- d-----w- c:\programmi\uTorrent
2009-12-29 11:31 . 2008-10-18 16:02 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\uTorrent
2009-12-27 23:56 . 2009-07-07 16:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\dvdcss
2009-12-16 15:46 . 2006-04-10 12:00 81242 ----a-w- c:\windows\system32\perfc010.dat
2009-12-16 15:46 . 2006-04-10 12:00 482408 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 19:58 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\PC Suite
2009-12-08 19:33 . 2009-12-08 19:33 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-08 19:30 . 2009-12-08 19:30 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-08 19:30 . 2009-12-08 19:30 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-08 19:30 . 2009-10-01 19:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-08 19:30 . 2009-12-08 19:31 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2009-12-06 21:00 . 2009-12-06 20:59 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\RevoluTV
2009-12-06 20:59 . 2009-12-06 20:59 -------- d-----w- c:\programmi\RevoluTV
2009-12-06 20:57 . 2009-12-06 20:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-12-05 12:30 . 2009-05-15 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-12-04 16:50 . 2009-12-04 16:47 -------- d-----w- c:\programmi\rockbox
2009-11-30 20:43 . 2009-12-04 16:47 136192 ----a-w- c:\windows\system32\fsproflt.exe
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-11 08:26 . 2009-11-19 18:20 1195464 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-03 19:14 . 2009-11-03 19:06 175080 ----a-w- c:\windows\hpoins29.dat
2009-11-02 12:14 . 2009-11-02 12:14 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-02 12:14 . 2009-11-02 12:14 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-02 12:14 . 2009-11-02 12:14 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-02 12:13 . 2009-11-02 12:16 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-10-29 07:42 . 2006-04-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-04-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-04-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-04-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-04-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:20 . 2006-04-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 19:18 . 2009-10-14 19:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-08-11 12:53 . 2009-08-11 12:37 148768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:53 . 2009-08-11 12:37 1568 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\programmi\rockbox\mylbx.exe" [2009-12-01 1088688]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2006-06-29 15:34 49152 ----a-w- c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2006-11-17 14:54 1552384 ----a-w- c:\programmi\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2006-07-17 14:36 684032 ----a-w- c:\programmi\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2006-04-10 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-04-10 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-04-21 13:41 438359 ----a-w- c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-04-10 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-25 23:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-25 23:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-25 23:08 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-09 16:30 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"Network WanMiniport First Position"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\Conf.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\RARBG Player\\rar.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\D-Link\\AirPlus for DWL-900AP+\\AirPlus_Manager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [04/12/2009 17.47.49 43792]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/01/2010 11.01.44 28552]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [04/12/2009 17.47.50 136192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/01/2009 13.51.52 691696]
S1 ethtjjmz;ethtjjmz;c:\windows\system32\drivers\ethtjjmz.sys --> c:\windows\system32\drivers\ethtjjmz.sys [?]
S2 kmggad;Time Windows;c:\windows\system32\svchost.exe -k netsvcs [10/04/2006 13.00.00 14336]
S2 tulrasbxb;Manager Driver;c:\windows\system32\svchost.exe -k netsvcs [10/04/2006 13.00.00 14336]
S3 ADM851X;IDF Alice Gate 2 plus USB;c:\windows\system32\drivers\ADM851X.sys [27/10/2004 15.05.10 22144]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24/08/2009 15.17.03 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24/08/2009 15.17.03 3072]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [20/06/2009 15.44.55 234888]
S4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [01/05/2009 23.54.54 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
plsdnele
askhnp
xcmnqr
khrpwvo
jyazond
ygdndr
kmggad
.
Inhalt des "geplante Tasks" Ordners

2010-01-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-01-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {40ECDB64-DFF7-488F-99F2-5CB8EC9E0C71} = 192.168.1.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-DAEMON Tools Lite - c:\programmi\DAEMON Tools Lite\daemon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 11:45
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tulrasbxb]
"ServiceDll"="c:\windows\system32\vrcrs.dll.old"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\Software\SecuROM\License information*]
"datasecu"=hex:28,a2,ba,61,10,f2,35,81,07,9d,7e,65,c2,05,0a,97,7c,4d,20,d8,ca,
3a,34,2b,4e,5d,20,8c,10,5e,b3,90,bf,75,47,15,d9,2d,05,53,9a,85,2b,49,3c,15,\
"rkeysecu"=hex:79,9d,3c,ea,33,92,37,b0,fa,2a,de,a7,90,35,98,2b
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
.
Zeit der Fertigstellung: 2010-01-12 11:48:15
ComboFix-quarantined-files.txt 2010-01-12 10:48

Vor Suchlauf: 48.224.370.688 byte disponibili
Nach Suchlauf: 48.186.417.152 byte disponibili

- - End Of File - - B1D719EC65494B6512D9653105690E1E
luke900
Junior Member
Posts: 51
Joined: 30/04/09 12:05

Re: virus kido

Post by Luke57 » 12/01/10 12:42

Hi, open a text file (with Notepad) and enter the following script:

Code:
NetSvcs::
plsdnele
askhnp
xcmnqr
khrpwvo
jyazond
ygdndr
kmggad

Driver::
plsdnele
askhnp
xcmnqr
khrpwvo
jyazond
ygdndr
kmggad

File::
c:\windows\system32\drivers\ethtjjmz.sys
c:\windows\system32\vrcrs.dll.old

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tulrasbxb]



Save the file in the same directory where you saved ComboFix, naming it CFScript.txt (this name is mandatory), then drag the file with the mouse pointer onto the ComboFix icon.

The program will run a new scan... wait for it to finish without doing anything, and at the end restart the PC (it should do so automatically).
Post the new log on the forum; as before, it is in c:\combofix.txt.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
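
As an added example (not code from this thread, from ComboFix or from the moderators), the Python script below applies the checks Luke57 did by hand to the log posted above: it flags names in the svchost "NetSvcs" group that are not in a hand-compiled allow-list of XP SP3 group members (the allow-list is an assumption, not ComboFix's own logic), drivers whose file ComboFix marks as missing with "[?]", svchost-hosted services with unknown names, firewall exceptions with random-looking rule names, and a service whose ServiceDll points at a ".old" file, then drafts a CFScript.txt in the NetSvcs::/Driver::/File::/Registry:: layout used in the post. The sample lines are copied from the log in this thread.

```python
import re

# Partial allow-list of services that legitimately belong to the "netsvcs"
# svchost group on Windows XP SP3 (assumption: hand-compiled, not from ComboFix).
KNOWN_NETSVCS = {
    "6to4", "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dhcp",
    "dmserver", "ersvc", "eventsystem", "helpsvc", "hidserv", "lanmanserver",
    "lanmanworkstation", "messenger", "netman", "nla", "rasauto", "rasman",
    "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess",
    "shellhwdetection", "srservice", "tapisrv", "themes", "trkwks", "w32time",
    "winmgmt", "wmi", "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""S1 ethtjjmz;ethtjjmz;c:\windows\system32\drivers\ethtjjmz.sys --> c:\windows\system32\drivers\ethtjjmz.sys [?]
S2 kmggad;Time Windows;c:\windows\system32\svchost.exe -k netsvcs [10/04/2006 13.00.00 14336]
S2 tulrasbxb;Manager Driver;c:\windows\system32\svchost.exe -k netsvcs [10/04/2006 13.00.00 14336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
plsdnele
askhnp
xcmnqr
khrpwvo
jyazond
ygdndr
kmggad
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tulrasbxb]
"ServiceDll"="c:\windows\system32\vrcrs.dll.old"
.
"""

SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)$')
SVCKEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+))\]$", re.I)
SVCDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)


def looks_random(name):
    """Crude test for generated names: 5-12 lowercase letters and nothing else."""
    return re.fullmatch(r"[a-z]{5,12}", name) is not None


def analyze(log_text):
    """Single pass over the log, collecting the indicators seen in this thread."""
    f = {"netsvcs": [], "drivers_missing": [], "svchost_unknown": [],
         "open_ports": [], "servicedll": []}
    in_netsvcs, pending_key = False, None
    for ln in log_text.splitlines():
        ln = ln.rstrip()
        if ln.endswith("Svchost - NetSvcs"):      # start of the netsvcs group dump
            in_netsvcs = True
            continue
        if in_netsvcs:                              # one service name per line until "."
            if ln in ("", "."):
                in_netsvcs = False
            elif ln.lower() not in KNOWN_NETSVCS:
                f["netsvcs"].append(ln)
            continue
        m = SERVICE_RE.match(ln)
        if m:
            name, path = m.group(3), m.group(5)
            if path.endswith("[?]"):                # ComboFix: registered, but file not found
                f["drivers_missing"].append((name, path.split(" --> ")[0]))
            elif "svchost.exe -k netsvcs" in path.lower() and name.lower() not in KNOWN_NETSVCS:
                f["svchost_unknown"].append(name)
            continue
        m = PORT_RE.match(ln)
        if m and looks_random(m.group(3)):          # firewall exception with a random rule name
            f["open_ports"].append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = SVCKEY_RE.match(ln)
        if m:
            pending_key = (m.group(2), m.group(1))  # (service name, full key path)
            continue
        m = SVCDLL_RE.match(ln)
        if m and pending_key:
            dll = m.group(1)
            if dll.lower().endswith(".old") or "\\system32\\" not in dll.lower():
                f["servicedll"].append((pending_key[0], pending_key[1], dll))
            pending_key = None
    return f


def render_cfscript(f):
    """Draft CFScript.txt in the section layout used in this thread. Review it by hand;
    svchost_unknown and open_ports are reported by analyze() but not scripted."""
    names = list(dict.fromkeys(f["netsvcs"]))
    files = [p for _, p in f["drivers_missing"]] + [d for _, _, d in f["servicedll"]]
    keys = ["[-%s]" % key for _, key, _ in f["servicedll"]]
    out = []
    if names:
        out += ["NetSvcs::"] + names + ["", "Driver::"] + names + [""]
    if files:
        out += ["File::"] + files + [""]
    if keys:
        out += ["Registry::"] + keys
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    print(render_cfscript(analyze(SAMPLE_LOG)))
```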

Re: virus kido

Post by luke900 » 12/01/10 14:02

Benutzte Befehlsschalter :: c:\documents and settings\LIUK\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

FILE ::
"c:\windows\system32\drivers\ethtjjmz.sys"
"c:\windows\system32\vrcrs.dll.old"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KMGGAD
-------\Service_kmggad


((((((((((((((((((((((( Dateien erstellt von 2009-12-12 bis 2010-01-12 ))))))))))))))))))))))))))))))
.

2010-01-12 10:01 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-11 19:42 . 2010-01-11 19:42 52224 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-11 19:42 . 2010-01-11 19:42 117760 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-11 19:42 . 2010-01-11 19:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-11 18:26 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 16:58 . 2010-01-11 17:06 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\BitDefender Deployment Tool
2010-01-11 16:57 . 2010-01-11 16:57 -------- d-----w- c:\programmi\BitDefender
2010-01-11 16:56 . 2010-01-11 16:56 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-01-10 12:53 . 2010-01-10 12:53 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\Nokia
2010-01-10 12:52 . 2010-01-10 12:52 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\NokiaAccount
2010-01-10 12:05 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-10 12:05 . 2010-01-10 12:05 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-01-10 12:03 . 2010-01-10 12:03 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-01-10 12:03 . 2010-01-10 12:03 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-01-10 12:03 . 2010-01-10 12:03 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-01-10 12:03 . 2010-01-10 12:03 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-01-10 12:02 . 2010-01-10 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-01-10 12:02 . 2010-01-10 12:02 95992424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
2010-01-08 15:44 . 2010-01-08 15:58 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-01-04 22:57 . 2010-01-04 22:58 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-27 19:17 . 2009-12-27 19:17 -------- d-----w- c:\programmi\Ubisoft
2009-12-20 18:15 . 2009-12-20 18:15 -------- d-----w- C:\WESTWOOD
2009-12-19 22:42 . 2006-09-28 14:04 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-12-19 22:42 . 2006-09-28 14:04 1073152 ----a-w- c:\windows\system32\libeay32.dll
2009-12-19 22:42 . 2009-12-20 17:09 -------- d-----w- C:\USDownloader
2009-12-19 13:40 . 2009-12-19 13:40 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-19 13:40 . 2009-12-19 13:40 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-19 13:40 . 2009-12-19 13:40 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-19 13:40 . 2009-12-19 13:40 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-19 13:40 . 2009-12-19 13:40 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:23 . 2009-12-19 13:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 13:23 . 2009-12-19 13:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-19 13:22 . 2010-01-12 12:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-12-19 13:22 . 2009-12-19 13:22 -------- d-----w- c:\programmi\Kaspersky Lab
2009-12-19 13:20 . 2009-12-19 13:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 22:28 . 2009-12-08 16:19 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\vlc
2010-01-11 02:53 . 2009-08-13 12:16 -------- d-----w- c:\programmi\Panda Security
2010-01-11 00:44 . 2009-10-01 19:55 -------- d-----w- c:\programmi\Nokia
2010-01-11 00:43 . 2009-10-01 19:55 -------- d-----w- c:\programmi\File comuni\Nokia
2010-01-11 00:39 . 2006-11-15 11:05 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-10 19:01 . 2009-06-09 16:36 1 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-10 12:53 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Nokia
2010-01-08 15:44 . 2009-01-17 12:56 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-08 15:44 . 2009-01-17 12:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-08 15:44 . 2009-08-15 14:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-29 11:31 . 2008-10-18 16:03 -------- d-----w- c:\programmi\uTorrent
2009-12-29 11:31 . 2008-10-18 16:02 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\uTorrent
2009-12-27 23:56 . 2009-07-07 16:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\dvdcss
2009-12-16 15:46 . 2006-04-10 12:00 81242 ----a-w- c:\windows\system32\perfc010.dat
2009-12-16 15:46 . 2006-04-10 12:00 482408 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 19:58 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\PC Suite
2009-12-08 19:33 . 2009-12-08 19:33 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-08 19:30 . 2009-12-08 19:30 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-08 19:30 . 2009-12-08 19:30 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-08 19:30 . 2009-10-01 19:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-08 19:30 . 2009-12-08 19:31 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2009-12-06 21:00 . 2009-12-06 20:59 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\RevoluTV
2009-12-06 20:59 . 2009-12-06 20:59 -------- d-----w- c:\programmi\RevoluTV
2009-12-06 20:57 . 2009-12-06 20:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-12-05 12:30 . 2009-05-15 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-12-04 16:50 . 2009-12-04 16:47 -------- d-----w- c:\programmi\rockbox
2009-11-30 20:43 . 2009-12-04 16:47 136192 ----a-w- c:\windows\system32\fsproflt.exe
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-11 08:26 . 2009-11-19 18:20 1195464 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-03 19:14 . 2009-11-03 19:06 175080 ----a-w- c:\windows\hpoins29.dat
2009-11-02 12:14 . 2009-11-02 12:14 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-02 12:14 . 2009-11-02 12:14 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-02 12:14 . 2009-11-02 12:14 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-02 12:13 . 2009-11-02 12:16 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-10-29 07:42 . 2006-04-10 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-04-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-04-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-04-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-04-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:20 . 2006-04-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 19:18 . 2009-10-14 19:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-08-11 12:53 . 2009-08-11 12:37 148768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:53 . 2009-08-11 12:37 1568 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\programmi\rockbox\mylbx.exe" [2009-12-01 1088688]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2006-06-29 15:34 49152 ----a-w- c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2006-11-17 14:54 1552384 ----a-w- c:\programmi\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2006-07-17 14:36 684032 ----a-w- c:\programmi\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2006-04-10 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-04-10 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-04-21 13:41 438359 ----a-w- c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-04-10 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-25 23:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-25 23:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-25 23:08 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-09 16:30 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"Network WanMiniport First Position"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\Conf.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\RARBG Player\\rar.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\D-Link\\AirPlus for DWL-900AP+\\AirPlus_Manager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [04/12/2009 17.47.49 43792]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/01/2010 11.01.44 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/01/2009 13.51.52 691696]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [04/12/2009 17.47.50 136192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
S1 ethtjjmz;ethtjjmz;c:\windows\system32\drivers\ethtjjmz.sys --> c:\windows\system32\drivers\ethtjjmz.sys [?]
S3 ADM851X;IDF Alice Gate 2 plus USB;c:\windows\system32\drivers\ADM851X.sys [27/10/2004 15.05.10 22144]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24/08/2009 15.17.03 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24/08/2009 15.17.03 3072]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [20/06/2009 15.44.55 234888]
S4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [01/05/2009 23.54.54 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-01-11 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-01-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: Add to Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {40ECDB64-DFF7-488F-99F2-5CB8EC9E0C71} = 192.168.1.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 13:41
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppq.sys >>UNKNOWN [0x86788938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf7267bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7256a0d
SendHandler -> NDIS.sys @ 0xf726ab40
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\Software\SecuROM\License information*]
"datasecu"=hex:28,a2,ba,61,10,f2,35,81,07,9d,7e,65,c2,05,0a,97,7c,4d,20,d8,ca,
3a,34,2b,4e,5d,20,8c,10,5e,b3,90,bf,75,47,15,d9,2d,05,53,9a,85,2b,49,3c,15,\
"rkeysecu"=hex:79,9d,3c,ea,33,92,37,b0,fa,2a,de,a7,90,35,98,2b
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

- - - - - - - > 'explorer.exe'(2980)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-01-12 13:46:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-01-12 12:46
ComboFix2.txt 2010-01-12 10:48

Vor Suchlauf: 48.135.979.008 byte disponibili
Nach Suchlauf: 48.185.929.728 byte disponibili

- - End Of File - - 487C227B7F684D11A909E4ECC4229690
luke900
Junior User

Posts: 51
Joined: 30/04/09 12:05
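
As an added triage example (not code from this thread, from ComboFix or from the Kido write-ups), here is a small Python script that reads service/driver lines and the GloballyOpenPorts entry in the layout ComboFix prints in the report above and lists the entries a reviewer should look at first: a driver whose binary has no recorded date/size (the "[?]" tail on the ethtjjmz line), a service whose display name is just a random-looking service name, and every globally open firewall port. The sample lines are constructed from values in the log above; the name-randomness thresholds are my own assumptions, and the output is a reading list for a human, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout ComboFix uses for its service list and
# firewall section; the values are copied from the report posted above.
SAMPLE_LOG = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/01/2010 11.01.44 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/01/2009 13.51.52 691696]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
S1 ethtjjmz;ethtjjmz;c:\windows\system32\drivers\ethtjjmz.sys --> c:\windows\system32\drivers\ethtjjmz.sys [?]
S3 ADM851X;IDF Alice Gate 2 plus USB;c:\windows\system32\drivers\ADM851X.sys [27/10/2004 15.05.10 22144]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe
"""

# "R0 name;display name;path [date time size]"  or  "... --> path [?]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
# '"4643:TCP"= 4643:TCP:label'
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S+)$')
VOWELS = set("aeiou")


@dataclass
class Finding:
    kind: str          # "service" or "port"
    name: str
    reasons: list      # why it was listed; never a verdict on its own


def longest_consonant_run(name: str) -> int:
    run = best = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_random(name: str) -> bool:
    """Heuristic (assumed thresholds) for machine-generated service names:
    lowercase letters only, with few vowels or a long consonant run."""
    if len(name) < 4 or not (name.isalpha() and name.islower()):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in name) / len(name)
    return vowel_ratio < 0.25 or longest_consonant_run(name) >= 4


def triage(log_text: str) -> list:
    """Return the service and firewall entries a reviewer should look at first."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            _state, name, display, tail = m.groups()
            reasons = []
            if tail.rstrip().endswith("[?]"):
                reasons.append("no date/size recorded for the driver binary")
            if name.lower() == display.lower() and looks_random(name):
                reasons.append("display name is just a random-looking service name")
            if reasons:
                findings.append(Finding("service", name, reasons))
            continue
        m = PORT_RE.match(line)
        if m:
            port, proto, label = m.groups()
            findings.append(Finding("port", f"{port}/{proto}",
                                    [f"globally open firewall port labelled '{label}'"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:12} " + "; ".join(f.reasons))
```

Note that sptd, which the log lists next to DAEMON Tools Lite, also trips the name-only heuristic; that is why each finding carries its reasons rather than a verdict, and why an analyst confirms an entry against the installed software before it goes into a CFScript.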

Re: kido virus

Posted by gahan » 12/01/10 14:28

So, there's a rootkit in the MBR...

Download mbr.exe and save it in the C:\ directory

http://www2.gmer.net/mbr/mbr.exe

Restart the PC and boot it into safe mode, which you select by pressing F5 repeatedly while the PC starts up, until a black screen with white options appears.

From Start --> Run --> type C:\mbr.exe -f and click OK

NB - There is a space between C:\mbr.exe and -f

The scan will take a few seconds.
Post the log, located in C:\ as mbr.log
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: kido virus

Posted by luke900 » 12/01/10 15:46

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
luke900
Junior User

Posts: 51
Joined: 30/04/09 12:05

Re: kido virus

Posted by Luke57 » 12/01/10 15:51

gahan wrote:So, there's a rootkit in the MBR...

Download mbr.exe and save it in the C:\ directory

http://www2.gmer.net/mbr/mbr.exe

Restart the PC and boot it into safe mode, which you select by pressing F5 repeatedly while the PC starts up, until a black screen with white options appears.

From Start --> Run --> type C:\mbr.exe -f and click OK

NB - There is a space between C:\mbr.exe and -f

The scan will take a few seconds.
Post the log, located in C:\ as mbr.log

Hi, sorry, but you are too hasty in your replies, without thinking much about what you read. The combofix report concerns entirely legitimate drivers; in fact the program does not recommend removing what it found.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
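
Luke57's point above is that the hook lines in the mbr.exe section of the report are not by themselves a verdict. As an added example (not code from this thread or from Gmer), here is a Python parser for the two mbr.exe reports posted in this thread: it separates the tool's own verdict line ("user & kernel MBR OK") from the informational hook list and the ">>UNKNOWN<<" marker in the call chain, so the analyst sees which kernel objects are hooked by which modules and can match those modules against the installed antivirus, disk and network drivers. Both reports are embedded as constructed sample input copied from the posts above; the status strings are my own wording.

```python
import re

# Constructed sample input: the two mbr.exe reports posted in this thread,
# copied as text so the parser runs offline.
FULL_REPORT = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppq.sys >>UNKNOWN [0x86788938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf7267bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7256a0d
SendHandler -> NDIS.sys @ 0xf726ab40
user & kernel MBR OK
"""

CLEAN_REPORT = r"""
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

# "<hooked object> -> <module> @ <address>"; the object part may itself contain "->"
HOOK_RE = re.compile(r"^(.+?) -> (\S+) @ (0x[0-9a-fA-F]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def parse_mbr_report(text: str) -> dict:
    """Split an mbr.exe report into the verdict, the hook list and unresolved modules."""
    result = {"mbr_read_user": False, "mbr_read_kernel": False,
              "mbr_ok": False, "hooks": [], "unknown_modules": []}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "user: MBR read successfully":
            result["mbr_read_user"] = True
        elif line == "kernel: MBR read successfully":
            result["mbr_read_kernel"] = True
        elif line.startswith("called modules:"):
            result["unknown_modules"] = UNKNOWN_RE.findall(line)
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line == "user & kernel MBR OK":
            result["mbr_ok"] = True
            in_hooks = False
        elif in_hooks:
            m = HOOK_RE.match(line)
            if m:
                result["hooks"].append(m.groups())   # (object, module, address)
    return result


def summarize(result: dict):
    """The tool's own MBR verdict decides the status; hooked modules and
    unresolved call-chain entries are returned for the analyst to check
    against the drivers actually installed (antivirus, disk emulation, NDIS filters)."""
    modules = sorted({module for _obj, module, _addr in result["hooks"]})
    if result["mbr_ok"]:
        status = "MBR clean per tool"
    elif result["mbr_read_user"] and result["mbr_read_kernel"]:
        status = "MBR read, no OK verdict: investigate"
    else:
        status = "MBR could not be read: investigate"
    return status, modules, result["unknown_modules"]


if __name__ == "__main__":
    for label, report in (("first run", FULL_REPORT), ("safe-mode run", CLEAN_REPORT)):
        status, modules, unknown = summarize(parse_mbr_report(report))
        print(f"{label}: {status}; hooked by {modules or 'nothing'}; unresolved {unknown or 'none'}")
```

Both reports end with the same verdict line, which is what the thread turns on: the first run lists hooks placed by the disk class driver, ACPI, atapi, the kernel and NDIS, all of which are modules the analyst can account for on this machine, and the safe-mode run simply prints fewer details.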

Re: kido virus

Posted by luke900 » 12/01/10 16:15

hi, sorry, but I'm not very skilled with PCs; could you tell me what I should do, because I didn't understand. Basically, I booted into safe mode
then I used that program
then I posted the log from the document I found
what did I do wrong
luke900
Junior User

Posts: 51
Joined: 30/04/09 12:05

Re: kido virus

Posted by gahan » 12/01/10 16:19

luke900 wrote:hi, sorry, but I'm not very skilled with PCs; could you tell me what I should do, because I didn't understand. Basically, I booted into safe mode
then I used that program
then I posted the log from the document I found
what did I do wrong


No no, don't worry...he was talking to me.

Anyway, do you notice any improvement now?
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: kido virus

Posted by luke900 » 12/01/10 16:25

no, but some folders named recycle and recycler have appeared on the external hard disk, and it keeps giving me the device error if I transfer anything, and it still won't open the folders on the hard disk
luke900
Junior User

Posts: 51
Joined: 30/04/09 12:05

Re: kido virus

Posted by luke900 » 12/01/10 16:32

sorry, let me correct myself: the folders are called recycler and recycled, and they are on all the disk drives, including the external one
luke900
Junior User

Posts: 51
Joined: 30/04/09 12:05

Re: kido virus

Posted by gahan » 12/01/10 17:02

Does Kaspersky still detect the Worm/Kido?

Try running a full scan with kaspersky in safe mode.
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09

Re: kido virus

Posted by luke900 » 12/01/10 17:07

ok provero
luke900
Utente Junior
 
Post: 51
Iscritto il: 30/04/09 12:05

Re: virus kido

Post by Luke57 » 12/01/10 19:41

Hi, in the CFScript.txt file replace the previous text with this, saving the changes

Code:
Driver::
ethtjjmz

File::
c:\windows\system32\drivers\ethtjjmz.sys


then do the usual procedure of dragging the file onto the ComboFix icon. When the scan is finished, post the new report.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Re: virus kido

Post by luke900 » 13/01/10 02:19

ausgeführt von:: c:\documents and settings\LIUK\Desktop\roba scaricata\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\LIUK\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!

FILE ::
"c:\windows\system32\drivers\ethtjjmz.sys"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ethtjjmz


((((((((((((((((((((((( Dateien erstellt von 2009-12-13 bis 2010-01-13 ))))))))))))))))))))))))))))))
.

2010-01-12 14:29 . 2010-01-12 14:29 77312 ----a-w- C:\mbr.exe
2010-01-12 10:01 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-11 19:42 . 2010-01-11 19:42 52224 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-11 19:42 . 2010-01-11 19:42 117760 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-11 19:42 . 2010-01-11 19:42 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\programmi\SUPERAntiSpyware
2010-01-11 19:41 . 2010-01-11 19:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com
2010-01-11 19:40 . 2010-01-11 19:40 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-01-11 18:26 . 2010-01-11 18:26 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-01-11 18:26 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 16:58 . 2010-01-11 17:06 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\BitDefender Deployment Tool
2010-01-11 16:57 . 2010-01-11 16:57 -------- d-----w- c:\programmi\BitDefender
2010-01-11 16:56 . 2010-01-11 16:56 -------- d-----w- c:\programmi\File comuni\BitDefender
2010-01-10 12:53 . 2010-01-10 12:53 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\Nokia
2010-01-10 12:52 . 2010-01-10 12:52 -------- d-----w- c:\documents and settings\LIUK\Impostazioni locali\Dati applicazioni\NokiaAccount
2010-01-10 12:05 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-01-10 12:05 . 2010-01-10 12:05 -------- d-----w- c:\programmi\PC Connectivity Solution
2010-01-10 12:03 . 2010-01-10 12:03 12212040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 13930312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-01-10 12:03 . 2010-01-10 12:03 77824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-01-10 12:03 . 2010-01-10 12:03 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-01-10 12:03 . 2010-01-10 12:03 58880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-01-10 12:03 . 2010-01-10 12:03 50000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-01-10 12:02 . 2010-01-10 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache
2010-01-10 12:02 . 2010-01-10 12:02 95992424 ----a-w- c:\documents and settings\All Users\Dati applicazioni\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_PCS_Update.exe
2010-01-08 15:44 . 2010-01-08 15:58 -------- d-----w- c:\programmi\DAEMON Tools Lite
2010-01-04 22:57 . 2010-01-04 22:58 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-27 19:17 . 2009-12-27 19:17 -------- d-----w- c:\programmi\Ubisoft
2009-12-20 18:15 . 2009-12-20 18:15 -------- d-----w- C:\WESTWOOD
2009-12-19 22:42 . 2006-09-28 14:04 200704 ----a-w- c:\windows\system32\ssleay32.dll
2009-12-19 22:42 . 2006-09-28 14:04 1073152 ----a-w- c:\windows\system32\libeay32.dll
2009-12-19 22:42 . 2009-12-20 17:09 -------- d-----w- C:\USDownloader
2009-12-19 13:40 . 2009-12-19 13:40 932368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-12-19 13:40 . 2009-12-19 13:40 678416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-12-19 13:40 . 2009-12-19 13:40 604688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-12-19 13:40 . 2009-12-19 13:40 522768 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-12-19 13:40 . 2009-12-19 13:40 1096208 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:39 . 2009-12-19 13:39 80400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2009-12-19 13:23 . 2009-12-19 13:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-12-19 13:23 . 2009-12-19 13:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-12-19 13:22 . 2010-01-13 01:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-12-19 13:22 . 2009-12-19 13:22 -------- d-----w- c:\programmi\Kaspersky Lab
2009-12-19 13:20 . 2009-12-19 13:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 22:28 . 2009-12-08 16:19 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\vlc
2010-01-11 02:53 . 2009-08-13 12:16 -------- d-----w- c:\programmi\Panda Security
2010-01-11 00:44 . 2009-10-01 19:55 -------- d-----w- c:\programmi\Nokia
2010-01-11 00:43 . 2009-10-01 19:55 -------- d-----w- c:\programmi\File comuni\Nokia
2010-01-11 00:39 . 2006-11-15 11:05 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-10 19:01 . 2009-06-09 16:36 1 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-10 12:53 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\Nokia
2010-01-08 15:44 . 2009-01-17 12:56 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2010-01-08 15:44 . 2009-01-17 12:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-08 15:44 . 2009-08-15 14:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-12-29 11:31 . 2008-10-18 16:03 -------- d-----w- c:\programmi\uTorrent
2009-12-29 11:31 . 2008-10-18 16:02 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\uTorrent
2009-12-27 23:56 . 2009-07-07 16:41 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\dvdcss
2009-12-16 15:46 . 2006-04-10 12:00 81242 ----a-w- c:\windows\system32\perfc010.dat
2009-12-16 15:46 . 2006-04-10 12:00 482408 ----a-w- c:\windows\system32\perfh010.dat
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-08 19:58 . 2009-12-08 19:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 19:58 . 2009-10-01 19:57 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\PC Suite
2009-12-08 19:33 . 2009-12-08 19:33 -------- d-----w- c:\programmi\File comuni\PCSuite
2009-12-08 19:30 . 2009-12-08 19:30 95232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-08 19:30 . 2009-12-08 19:30 61440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-08 19:30 . 2009-12-08 19:30 10240 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-08 19:30 . 2009-10-01 19:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-12-08 19:30 . 2009-12-08 19:31 34541248 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_ita.exe
2009-12-06 21:00 . 2009-12-06 20:59 -------- d-----w- c:\documents and settings\LIUK\Dati applicazioni\RevoluTV
2009-12-06 20:59 . 2009-12-06 20:59 -------- d-----w- c:\programmi\RevoluTV
2009-12-06 20:57 . 2009-12-06 20:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-12-05 12:30 . 2009-05-15 15:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-12-04 16:50 . 2009-12-04 16:47 -------- d-----w- c:\programmi\rockbox
2009-11-30 20:43 . 2009-12-04 16:47 136192 ----a-w- c:\windows\system32\fsproflt.exe
2009-11-14 13:06 . 2009-11-14 13:06 59992 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\English\setup.exe
2009-11-11 08:26 . 2009-11-19 18:20 1195464 ----a-w- c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-03 19:14 . 2009-11-03 19:06 175080 ----a-w- c:\windows\hpoins29.dat
2009-11-02 12:14 . 2009-11-02 12:14 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-11-02 12:14 . 2009-11-02 12:14 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-11-02 12:14 . 2009-11-02 12:14 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-11-02 12:13 . 2009-11-02 12:16 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-10-29 07:42 . 2006-04-10 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:42 . 2006-04-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:42 . 2006-04-10 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2006-04-10 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-04-10 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:20 . 2006-04-10 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-08-11 12:53 . 2009-08-11 12:37 148768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-11 12:53 . 2009-08-11 12:37 1568 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-06-20 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 10:47 333192 ----a-w- c:\programmi\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programmi\Windows Media Player\WMPNSCFG.exe" [2006-11-02 204288]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\programmi\rockbox\mylbx.exe" [2009-12-01 1088688]
"avp"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRE_McciTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2006-06-29 15:34 49152 ----a-w- c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:14 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
2006-11-17 14:54 1552384 ----a-w- c:\programmi\D-Link\AirPlus G\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 13:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2006-07-17 14:36 684032 ----a-w- c:\programmi\VIAudioi\HDADeck\HDeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2006-04-10 12:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2006-04-10 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2006-04-21 13:41 438359 ----a-w- c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2006-04-10 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-25 23:08 13680640 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-25 23:08 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-25 23:08 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2006-04-10 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-06-09 16:30 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2009-05-19 23:26 3561720 ----a-w- c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:56 204288 ----a-w- c:\programmi\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"ServiceLayer"=3 (0x3)
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"Network WanMiniport First Position"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ANIWZCSdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\NetMeeting\\Conf.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\RARBG Player\\rar.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\D-Link\\AirPlus for DWL-900AP+\\AirPlus_Manager.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [04/12/2009 17.47.49 43792]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/01/2010 11.01.44 28552]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/01/2009 13.51.52 691696]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [04/12/2009 17.47.50 136192]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18.39.44 19472]
S3 ADM851X;IDF Alice Gate 2 plus USB;c:\windows\system32\drivers\ADM851X.sys [27/10/2004 15.05.10 22144]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [24/08/2009 15.17.03 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [24/08/2009 15.17.03 3072]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/01/2010 19.26.36 38224]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
S4 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [20/06/2009 15.44.55 234888]
S4 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [01/05/2009 23.54.54 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners

2010-01-12 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-01-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: Add to Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Translate this web page with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
TCP: {40ECDB64-DFF7-488F-99F2-5CB8EC9E0C71} = 192.168.1.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\LIUK\Dati applicazioni\Mozilla\Firefox\Profiles\pf5qcrvk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\programmi\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 02:10
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spiw.sys >>UNKNOWN [0x86788938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7664f28
\Driver\ACPI -> ACPI.sys @ 0xf73dccb8
\Driver\atapi -> atapi.sys @ 0xf7371b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Scheda Fast Ethernet VIA compatibile -> SendCompleteHandler -> NDIS.sys @ 0xf7267bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7256a0d
SendHandler -> NDIS.sys @ 0xf726ab40
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-1745689360-3741322697-3810055154-1005\Software\SecuROM\License information*]
"datasecu"=hex:28,a2,ba,61,10,f2,35,81,07,9d,7e,65,c2,05,0a,97,7c,4d,20,d8,ca,
3a,34,2b,4e,5d,20,8c,10,5e,b3,90,bf,75,47,15,d9,2d,05,53,9a,85,2b,49,3c,15,\
"rkeysecu"=hex:79,9d,3c,ea,33,92,37,b0,fa,2a,de,a7,90,35,98,2b
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\LIUK\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

- - - - - - - > 'explorer.exe'(264)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\programmi\Windows Media Player\WMPNetwk.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-01-13 02:14:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-01-13 01:14
ComboFix2.txt 2010-01-12 12:47
ComboFix3.txt 2010-01-12 10:48

Vor Suchlauf: 47.543.877.632 byte disponibili
Nach Suchlauf: 47.536.226.304 byte disponibili

- - End Of File - - F5BF2CB2705E152F6DE291E0A8121BBC
luke900
Junior User
 
Posts: 51
Joined: 30/04/09 12:05
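The ComboFix report above, and the CFScript that Luke57 asked for a few posts earlier, are the kind of material a defender ends up reading by hand. The Python script below is an added example, not ComboFix's code and not anything posted in this thread: it parses a constructed sample made of lines taken from the posted log (the `-------\Service_ethtjjmz` removal record, the `"EnableFirewall"= 0` entry and the `4643:TCP:aayilkqe` exception) plus two constructed lines (an `@xpsp2res.dll`-style resource-named exception and the `ethtjjmz` driver as it would have appeared in the service list before removal), and returns the entries a defender would want surfaced for review. The `looks_random` heuristic is an assumption of this example, not a published detection rule.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample. The removed-service line, the EnableFirewall entry and
# the 4643:TCP exception are copied from the log posted in this thread; the
# @xpsp2res.dll exception and the R1 ethtjjmz service line are constructed
# (the latter models the driver as it would have looked before removal).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ethtjjmz

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4643:TCP"= 4643:TCP:aayilkqe
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20.18.34 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13.42.46 32272]
R1 ethtjjmz;ethtjjmz;c:\windows\system32\drivers\ethtjjmz.sys [11/01/2010 18.00.00 28552]
"""

VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Crude heuristic for machine-generated names (an assumption of this
    example): 6-12 lowercase letters that are vowel-poor or contain a run of
    four or more consonants. It misses vowel-rich junk such as "aayilkqe"."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    vowel_frac = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_frac < 0.3 or longest_run >= 4


@dataclass(frozen=True)
class Finding:
    kind: str    # short tag used for sorting/asserting
    detail: str  # what was matched


# One regex per log line shape this example cares about.
REMOVED_SERVICE = re.compile(r"^-------\\Service_(\S+)$")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$')
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[")


def triage(log: str) -> list[Finding]:
    """Walk the log once and return the entries a defender should review."""
    findings: list[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := REMOVED_SERVICE.match(line):
            # ComboFix records deleted services this way; check the name
            # against what the CFScript asked for.
            findings.append(Finding("removed-service", m.group(1)))
        elif FIREWALL_OFF.match(line):
            findings.append(Finding("firewall-disabled", "standardprofile EnableFirewall=0"))
        elif m := OPEN_PORT.match(line):
            port, proto, name = m.groups()
            if name.startswith("@"):
                continue  # localized resource string: a built-in Windows rule
            # Every bare-named exception is reported; the heuristic only
            # upgrades the tag when the name also looks machine-generated.
            tag = "random-named-open-port" if looks_random(name) else "bare-named-open-port"
            findings.append(Finding(tag, f"{port}/{proto} name={name}"))
        elif m := SERVICE.match(line):
            start, svc, display, path = m.groups()
            # A display name identical to a random-looking service name is a
            # common sign of a machine-generated entry.
            if display == svc and looks_random(svc):
                findings.append(Finding("random-named-service", f"{start} {svc} -> {path}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run against the sample, the script reports the removed `ethtjjmz` service, the disabled firewall profile, the port-4643 exception and the random-looking driver entry, while the resource-named exception is ignored. Note that `aayilkqe` is not caught by `looks_random` (it has too many vowels), which is exactly why every firewall exception with a bare name is reported regardless of the heuristic.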

