
Thread: ComboFix log

  1. #1

    ComboFix log

    Hi everyone... I'm new to the forum and I'd need a hand checking my ComboFix log.
    While ComboFix was running it reported "File system infect".

    I've run several scans with various antivirus programs but they found nothing.

    I'm attaching the log:

    ComboFix 12-10-12.01 - Giuseppe 12/10/2012 19.18.57.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.484 [GMT 2:00]
    Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\midimap.dll . . . è infetto!!
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-09-12 al 2012-10-12 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-10-10 19:13 . 2012-10-12 14:49 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVAST Software
    2012-10-09 09:36 . 2012-10-09 09:36 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\Avg2013
    2012-10-09 09:30 . 2012-01-09 16:59 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
    2012-10-09 09:30 . 2012-01-09 16:59 133208 ----a-w- c:\windows\system32\drivers\kl1.sys
    2012-10-09 08:32 . 2012-10-09 08:32 -------- d-----w- c:\documents and settings\All Users\AVG Secure Search
    2012-10-09 08:29 . 2012-10-09 09:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
    2012-10-09 08:29 . 2012-10-09 08:29 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
    2012-10-09 08:29 . 2012-10-09 08:29 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\MFAData
    2012-10-02 11:24 . 2012-10-02 11:24 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\VS Revo Group
    2012-10-01 09:33 . 2012-10-01 09:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-09-27 18:40 . 2012-09-27 18:40 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\HP
    2012-09-27 18:40 . 2012-09-27 18:40 -------- d-----w- c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\HP
    2012-09-27 18:38 . 2009-06-08 23:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
    2012-09-27 18:38 . 2009-06-08 23:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
    2012-09-27 18:37 . 2001-08-30 18:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
    2012-09-27 18:25 . 2012-09-27 18:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
    2012-09-27 18:24 . 2012-09-27 18:40 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
    2012-09-27 18:24 . 2012-09-27 18:24 -------- d-----w- c:\programmi\File comuni\HP
    2012-09-27 18:23 . 2012-09-27 18:23 -------- d-----w- c:\windows\hpoj4500g510n-z
    2012-09-27 18:23 . 2009-05-26 17:32 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
    2012-09-27 18:23 . 2009-05-26 17:32 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
    2012-09-27 18:23 . 2009-05-26 17:32 315392 ----a-w- c:\windows\system32\hpwvst01.dll
    2012-09-27 18:23 . 2009-05-18 21:49 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2012-09-27 18:23 . 2009-05-21 13:14 452408 ----a-w- c:\windows\system32\hpzids01.dll
    2012-09-27 18:22 . 2012-09-27 18:26 -------- d-----w- c:\programmi\HP
    2012-09-19 16:08 . 2012-10-12 16:04 -------- d-----w- c:\programmi\Runtime Software
    2012-09-18 06:59 . 2012-09-18 06:59 73696 ----a-w- c:\programmi\Mozilla Firefox\breakpadinjector.dll
    2012-09-17 10:34 . 2012-09-17 10:34 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Leadertech
    2012-09-17 10:34 . 2012-09-17 10:34 53248 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-09-17 10:34 . 2012-09-17 10:34 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-09-17 10:33 . 2011-09-02 06:30 12184 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2012-09-17 10:33 . 2012-09-19 13:59 -------- d-----w- c:\programmi\File comuni\LogiShrd
    2012-09-17 10:32 . 2012-09-17 10:35 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Logitech
    2012-09-17 10:32 . 2012-09-17 10:33 -------- d-----w- c:\documents and settings\Giuseppe\Dati applicazioni\Logishrd
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 06:45 . 2012-05-26 16:46 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-09 06:45 . 2011-07-04 10:14 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-25 16:52 . 2012-08-25 16:52 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-25 16:52 . 2012-08-25 16:52 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-25 16:52 . 2012-08-25 16:52 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-25 16:52 . 2012-08-25 16:52 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-18 06:59 . 2011-03-25 18:26 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-10-12 . E248A8391D7388A0A3679D1FB33E003D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    .
    [-] 2008-10-12 13:20 . 0FF0C3264283FDEDDAA6A9DE51341A3D . 1444352 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
    .
    [-] 2008-12-30 . B93931EA1B7E9ACCA65C131B5FB5E4CA . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    .
    [-] 2008-10-12 . 6C01B44D2A5A66137E80E8537E761914 . 111616 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe
    .
    [-] 2008-10-12 . 8B2A7229651894B07A5F750E1FEF99CC . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2008-04-13 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [7] 2006-03-02 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    .
    [-] 2008-10-12 . 00572A665D35302A26A021F151F9F592 . 1554432 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    .
    [-] 2008-04-13 . B46240BFFFDD064F32BCD4F7D958014F . 272384 . . [5.1.2600.5512] . . c:\windows\regedit.exe
    .
    [-] 2008-10-12 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
    .
    .
    [-] 2008-10-12 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    [-] 2008-10-12 . 43A8C03A8CF9DB90958238AB694BF79D . 371200 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
    .
    [-] 2008-10-15 . 53C84C21D29E66AB84ADF162A47F5590 . 2030592 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
    .
    [-] 2008-10-15 . A54B00317DEA437AE97B256F1B6C57A8 . 2151936 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
    .
    [-] 2008-10-12 . D8B05CF0EAD10A78DACAE187559D113D . 42496 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
    .
    c:\windows\System32\wscntfy.exe ... è mancante !!
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-13 20:58 3913000 ----a-w- c:\programmi\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm"="c:\programmi\CheckPoint\ZoneAlarm\zatray.exe" [2012-07-22 73392]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-10-12 25088]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2008-08-26 124928]
    .
    c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
    Scheduler.lnk - c:\programmi\3B Software\Common\Scheduler\wcomschd.exe [2011-1-12 464240]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "CTFMON.EXE"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "igfxtray"=c:\windows\system32\igfxtray.exe
    "Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    "igfxhkcmd"=c:\windows\system32\hkcmd.exe
    "igfxpers"=c:\windows\system32\igfxpers.exe
    "RTHDCPL"=RTHDCPL.EXE
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "Persistence"=c:\windows\system32\igfxpers.exe
    "ISW"=c:\programmi\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
    "HP Software Update"=c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    "SMSERIAL"=sm56hlpr.exe
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Programmi\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
    "c:\\Programmi\\Hewlett-Packard\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Programmi\\Skype\\Phone\\Skype.exe"=
    .

  2. #2
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/12/2008 21.23.30 717296]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09/10/2012 11.30.25 11352]
    R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18.27.02 12880]
    R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23.55.22 67664]
    R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCore.exe [12/08/2011 1.38.07 116608]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\programmi\CheckPoint\ZAForceField\ISWKL.sys [03/11/2011 16.44.20 27056]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\programmi\CheckPoint\ZAForceField\ISWSVC.exe [03/11/2011 16.44.28 497320]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [17/09/2012 12.33.49 12184]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [28/01/2011 11.14.24 1517376]
    R3 SynMini;USB2.0 1.3M Web Cam;c:\windows\system32\drivers\SynMini.sys [30/11/2010 20.32.17 720470]
    R3 SynScan;USB2.0 1.3M Web Cam Still Image;c:\windows\system32\drivers\SynScan.sys [30/11/2010 20.32.16 8278]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [07/10/2010 13.34.32 10064]
    S2 Guard.Mail.ru;Guard.Mail.ru; [x]
    S2 ServUpdater;Service Updater;c:\documents and settings\Giuseppe\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [29/11/2011 20.55.10 156160]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [26/05/2012 18.46.11 250808]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [31/01/2012 10.31.23 1691480]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [27/01/2011 2.31.23 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [27/01/2011 2.31.23 8456]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [09/07/2012 12.33.12 114432]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [09/07/2012 12.33.12 100736]
    S3 NETwLx32; Driver scheda Intel(R) Wireless WiFi Link 5000 Series per Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [31/01/2012 11.02.55 6609920]
    S3 WLAN;NETGEAR Wireless 802.11b LAN Driver;c:\windows\system32\drivers\CW10.SYS [05/02/2012 21.33.17 51712]
    S3 zlportio;zlportio;\??\c:\documents and settings\Giuseppe\Desktop\NDZ\StudioNds211diMicromax\zlportio.sys --> c:\documents and settings\Giuseppe\Desktop\NDZ\StudioNds211diMicromax\zlportio.sys [?]
    S4 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [07/06/2012 19.12.14 160944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 06:46]
    .
    2012-10-12 c:\windows\Tasks\Browser Manager.job
    - c:\windows\system32\sc.exe [2006-03-02 13:00]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.google.it/
    mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1748634089
    IE: Download all with Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
    TCP: Interfaces\{91AB0528-74D7-4FBC-BACC-5309278389B1}: NameServer = 192.168.0.1
    TCP: Interfaces\{A51545C4-FC39-45C9-A823-A77F433623F7}: NameServer = 176.31.229.24,176.31.229.25
    TCP: Interfaces\{B6BBE167-87B9-466F-BDE3-B375382844F0}: NameServer = 176.31.229.24,176.31.229.25
    FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\tzceetpe.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0bcf47c5-d7eb-46b4-9a9b-714e5b1b517e%7D&mid=af2ee67207f647d09cba5bbefc5b67dc-f0f8a6d137f094190b15a4f7cb37975f765e7e59&ds=AVG&v=12.2.5.4&lang=it&pr=fr&d=2012-10-09%2010%3A33%3A03&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    FF - user.js: extensions.BabylonToolbar_i.id - dc4e14f30000000000000013027d4cb8
    FF - user.js: extensions.BabylonToolbar_i.hardId - dc4e14f30000000000000013027d4cb8
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=2024828991
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=2024828991
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0CtCzzzztN1L2XzutBtFtCtFtDtFtAtDtC&cr=2024828991&q=
    FF - user.js: extensions.funmoods.id - 0013027D4CB814F3
    FF - user.js: extensions.funmoods.instlDay - 15527
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:22
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - nv1
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - nv1
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: extensions.zonealarm.autoRvrt - false
    FF - user.js: extensions.zonealarm_i.hmpg - true
    FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN14040986082999-1220&toolbarId=base&affiliateId=1001&Lan=en&utid=dc4e14f30000000000000013027d4cb8
    FF - user.js: extensions.zonealarm.dfltSrch - true
    FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
    FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN14040986082999-1220&toolbarId=base&affiliateId=1001&Lan=en&utid=dc4e14f30000000000000013027d4cb8&q={searchTerms}
    FF - user.js: extensions.zonealarm_i.dnsErr - true
    FF - user.js: extensions.zonealarm_i.newTab - true
    FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN14040986082999-1220&toolbarId=base&affiliateId=1001&Lan=en&utid=dc4e14f30000000000000013027d4cb8
    FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN14040986082999-1220&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=dc4e14f30000000000000013027d4cb8&q=
    FF - user.js: extensions.zonealarm.id - dc4e14f30000000000000013027d4cb8
    FF - user.js: extensions.zonealarm.instlDay - 15547
    FF - user.js: extensions.zonealarm.vrsn - 1.6.4.5
    FF - user.js: extensions.zonealarm.vrsni - 1.6.4.5
    FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.4.520:11
    FF - user.js: extensions.zonealarm.prtnrId - checkpoint
    FF - user.js: extensions.zonealarm.prdct - zonealarm
    FF - user.js: extensions.zonealarm.aflt - 1001
    FF - user.js: extensions.zonealarm_i.smplGrp - none
    FF - user.js: extensions.zonealarm.tlbrId - base
    FF - user.js: extensions.zonealarm.instlRef - ZLN14040986082999-1220
    FF - user.js: extensions.zonealarm.dfltLng - en
    FF - user.js: extensions.zonealarm.excTlbr - false
    FF - user.js: extensions.zonealarm.admin - false
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=dc4e14f30000000000000013027d4cb8&q=
    FF - user.js: extensions.BabylonToolbar.id - dc4e14f30000000000000013027d4cb8
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15587
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1220:56
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115287&tt=040912_ccp_3612_5
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.searchya.hmpg - true
    FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1748634089
    FF - user.js: extensions.searchya.dfltSrch - true
    FF - user.js: extensions.searchya.srchPrvdr - Search
    FF - user.js: extensions.searchya.dnsErr - true
    FF - user.js: extensions.searchya_i.newTab - true
    FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1748634089
    FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtCtAtDtByB0DyE0C0BzztCyE0FtAtN0D0Tzu0StByEyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1748634089&q=
    FF - user.js: extensions.searchya.id - 0013027D4CB814F3
    FF - user.js: extensions.searchya.instlDay - 15587
    FF - user.js: extensions.searchya.vrsn - 1.5.25.0
    FF - user.js: extensions.searchya.vrsni - 1.5.25.0
    FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.020:56
    FF - user.js: extensions.searchya.prtnrId - searchya
    FF - user.js: extensions.searchya.prdct - searchya
    FF - user.js: extensions.searchya.aflt - foxtab
    FF - user.js: extensions.searchya_i.smplGrp - none
    FF - user.js: extensions.searchya.tlbrId - base
    FF - user.js: extensions.searchya.instlRef - tc-100
    FF - user.js: extensions.searchya.dfltLng -
    FF - user.js: extensions.searchya.excTlbr - false
    FF - user.js: extensions.searchya.autoRvrt - false
    FF - user.js: extensions.searchya.envrmnt - production
    FF - user.js: extensions.searchya.isdcmntcmplt - true
    FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
    .

  3. #3
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-ISW - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-12 19:25
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_USERS\S-1-5-21-1960408961-261478967-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{462A2C83-6610-95F9-348C-4D65800F7FF1}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "hapmjildgidgfgai"=hex:61,61,00,00
    "hapmjildajndncjg"=hex:61,61,00,00
    "iadplhfmhciiojmgdk"=hex:69,61,69,65,62,70,6c,68,62,6b,70,6f,68,6b,6f,6b,6f,6f,
    00,00
    "habpaafbihafalek"=hex:69,61,69,65,62,70,6c,68,62,6b,70,6f,68,6b,6f,6b,6f,6f,
    00,00
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{462A2C83-6610-95F9-348C-4D65800F7FF1}\InProcServer32*]
    "iafpghbhjflbehpnog"=hex:61,61,00,00
    "iafpghbhjfbbkijcck"=hex:61,61,00,00
    "jafpcmgakbapcenlpgpn"=hex:69,61,69,65,62,70,6c,68,62,6b,70,6f,68,6b,6f,6b,6f,
    6f,00,00
    "iafpinaejboccfihjb"=hex:69,61,69,65,62,70,6c,68,62,6b,70,6f,68,6b,6f,6b,6f,6f,
    00,00
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1144)
    c:\windows\system32\sfc_os.dll
    c:\programmi\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\cscui.dll
    c:\windows\system32\COMRes.dll
    c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    - - - - - - - > 'lsass.exe'(1200)
    c:\windows\system32\scecli.dll
    c:\programmi\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Ora fine scansione: 2012-10-12 19:28:08
    ComboFix-quarantined-files.txt 2012-10-12 17:28
    .
    Pre-Run: 3.106.889.728 byte disponibili
    Post-Run: 3.230.363.648 byte disponibili
    .
    - - End Of File - - BC6DFCB732CBF329BC4B702A7CFA0211



    Thanks
