NoTrace Security Forum


Topic: rootkit

xbbx (New Member)
Posted 06/07/2010 18:08:02
Sorry, I'm new and I couldn't find the section for introducing myself. I wanted to ask whether it's possible to take a look at my log. Thanks a lot in advance.

Malwarebytes' Anti-Malware 1.46
[www].malwarebytes.org

Versione database: 4282

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/07/2010 18:05:27
mbam-log-2010-07-06 (18-05-27).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 197146
Time elapsed: 28 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Biagio\AppData\Local\PHadDEn.dll (Trojan.Agent.Gen) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> No action taken.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tvuqe (Trojan.Agent.Gen) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Infected:
C:\Users\Biagio\AppData\Local\PHadDEn.dll (Trojan.Agent.Gen) -> No action taken.
C:\Users\Biagio\AppData\Local\Temp\CE68.tmp (Rootkit.TDSS.Gen) -> No action taken.
C:\Users\Biagio\AppData\Local\Temp\hyozvNABAE.exe (Trojan.Agent.Gen) -> No action taken.
C:\Windows\System32\drivers\mrdjucj.sys (Rootkit.Agent) -> No action taken.
C:\Windows\System32\spool\prtprocs\w32x86\D9D2.tmp (Rootkit.Agent) -> No action taken.
C:\Windows\System32\spool\prtprocs\w32x86\F1F6.tmp (Rootkit.Agent) -> No action taken.
C:\Windows\Temp\5565.tmp (Rootkit.Agent) -> No action taken.
D:\PROGRAMMI\xbins\xbins.exe (HackTool.IRCBrute) -> No action taken.

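The MBAM log above lists every finding as `<object> (<detection>) -> <action>` under a section header, and every line ends in "No action taken", so nothing has been removed yet. As an added example (not code from the thread or from Malwarebytes), the script below parses that layout and tags the findings a responder has to deal with first: kernel drivers and rootkit detections, autostart values, droppers in Temp, rogue-AV residue, and whatever is still present. The sample log embedded in it is constructed from a few of the lines above with one item shown as already quarantined; the tag names and the heuristics behind them are this example's own.

```python
"""Triage of a Malwarebytes' Anti-Malware 1.x text log.

Added example, not code from the forum thread or from Malwarebytes.
It parses the per-item lines ("<object> (<detection>) -> <action>")
under each "... Infected:" section and tags the findings a responder
has to deal with first.
"""
import re
from collections import defaultdict

# Constructed sample in the layout of an MBAM 1.46 log (a subset of the
# findings in the thread, with one item shown as already quarantined).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Users\Biagio\AppData\Local\PHadDEn.dll (Trojan.Agent.Gen) -> No action taken.

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tvuqe (Trojan.Agent.Gen) -> No action taken.

Files Infected:
C:\Windows\System32\drivers\mrdjucj.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Biagio\AppData\Local\Temp\CE68.tmp (Rootkit.TDSS.Gen) -> No action taken.
"""

# Section headers look like "Files Infected:"; the summary counters at the
# top of the log ("Files Infected: 8") do not match because of the "$".
SECTION_RE = re.compile(r"^(?P<section>.+?) Infected:$")
# Greedy object so a path containing "(x86)" still pairs with the last "(...)".
ITEM_RE = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return a list of {section, object, detection, action} dicts."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items


def classify(item):
    """Tags for one finding, from where it lives and what the engine called it."""
    obj, det = item["object"].lower(), item["detection"].lower()
    tags = []
    if det.startswith("rootkit") or obj.endswith(".sys") or "\\drivers\\" in obj:
        tags.append("kernel/rootkit")
    if "\\currentversion\\run" in obj:            # Run / RunOnce values
        tags.append("autostart")
    if "\\temp\\" in obj or obj.endswith(".tmp"):
        tags.append("temp-dropper")
    if det.startswith("rogue") or "fraudpack" in det:
        tags.append("fake-av")
    if item["action"].lower().startswith("no action"):
        tags.append("still-present")
    return tags


def triage(text):
    """Map each tag to the objects carrying it; 'still-present' is the to-do list."""
    report = defaultdict(list)
    for item in parse_mbam_log(text):
        for tag in classify(item):
            report[tag].append(item["object"])
    return dict(report)


if __name__ == "__main__":
    for tag, objects in sorted(triage(SAMPLE_LOG).items()):
        print(tag)
        for obj in objects:
            print("   ", obj)
```

To use it on a real log, read the saved `mbam-log-*.txt` and pass its text to `triage()`. The `still-present` list is what has to be removed (or re-scanned after removal), and a driver under `kernel/rootkit` that is still present is the reason a plain file delete from inside the running system is not enough.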

shang (Advanced Member, Roma)
Posted 06/07/2010 19:35:44


Hi and welcome to the forum.

Delete what MBAM found.

Temporarily disable your antivirus.

Download ComboFix to the desktop
(do not install the Recovery Console).
Let the program work without interfering.
Attach the C:\ComboFix.txt report in your reply.

Do not use the PC during the scan, not even the mouse!

How to use ComboFix correctly



xbbx (New Member)
Posted 08/07/2010 13:52:25
Thanks a lot, I fixed it with ComboFix. I'm attaching the report.


ComboFix 10-07-07.02 - Biagio 08/07/2010 13:37:28.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.2047.1350 [GMT 2:00]
Running from: c:\users\Biagio\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Biagio\AppData\Roaming\Ywuw\zyapi.exe
c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))))))
.

2010-07-08 11:43 . 2010-07-08 11:45 -------- d-----w- c:\users\Biagio\AppData\Local\temp
2010-07-08 11:43 . 2010-07-08 11:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-07 13:16 . 2010-07-07 13:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-07 13:16 . 2010-07-07 13:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-06 15:34 . 2010-07-06 15:34 -------- d-----w- c:\users\Biagio\AppData\Roaming\Malwarebytes
2010-07-06 15:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-06 15:34 . 2010-07-06 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-06 15:34 . 2010-07-06 15:34 -------- d-----w- c:\programdata\Malwarebytes
2010-07-06 15:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-06 12:21 . 2010-07-06 12:28 -------- d-----w- c:\program files\Datel
2010-06-27 14:23 . 2010-07-06 13:50 -------- d-----w- c:\users\Biagio\AppData\Local\xdcvfoote
2010-06-22 21:59 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-22 21:59 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-22 21:59 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-22 21:59 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-22 21:59 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-22 21:58 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-22 21:58 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-22 21:58 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-20 11:34 . 2010-07-08 11:08 -------- d-----w- c:\users\Biagio\AppData\Roaming\abgx360
2010-06-19 10:58 . 2009-08-20 07:24 49304 ----a-w- c:\windows\system32\drivers\FETN62.sys
2010-06-18 15:12 . 2010-06-18 15:12 -------- d-----w- c:\windows\Sun
2010-06-18 14:29 . 2010-06-18 14:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-18 12:30 . 2009-08-08 16:46 485920 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-18 12:29 . 2009-08-08 16:46 485920 ----a-w- c:\windows\system32\nvunrm.exe
2010-06-18 12:29 . 2009-07-30 15:12 287392 ----a-w- c:\windows\system32\drivers\nvmf6232.sys
2010-06-18 12:29 . 2009-07-30 14:48 898048 ----a-w- c:\windows\system32\fdco2.dll
2010-06-18 12:29 . 2009-07-30 08:29 521128 ----a-w- c:\windows\system32\DPInst.exe
2010-06-18 12:29 . 2009-07-29 22:28 155648 ----a-w- c:\windows\system32\nvconrm.dll
2010-06-18 12:25 . 2010-04-19 14:15 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-06-18 12:25 . 2010-02-25 13:49 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-06-16 14:58 . 2009-09-28 10:55 18432 ----a-w- c:\windows\system32\drivers\KMWDFILTER.sys
2010-06-16 14:41 . 2010-06-16 14:41 -------- d-----w- c:\users\Biagio\AppData\Local\Innovative Solutions
2010-06-16 14:41 . 2010-06-16 14:41 -------- d-----w- c:\programdata\Innovative Solutions
2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\windows\system32\Wat
2010-06-14 10:15 . 2010-06-14 10:20 -------- d-----w- c:\windows\system32\Adobe
2010-06-13 10:31 . 2010-06-13 11:05 -------- d-----w- c:\users\Biagio\AppData\Roaming\ImgBurn
2010-06-13 10:30 . 2010-06-13 10:30 -------- d-----w- c:\program files\ImgBurn
2010-06-12 11:01 . 2010-06-12 11:01 -------- d-----w- c:\programdata\Messenger Plus!
2010-06-11 10:56 . 2009-06-22 16:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-06-11 10:12 . 2010-06-11 10:12 -------- d-----w- c:\program files\CCleaner
2010-06-11 10:11 . 2010-07-07 18:34 -------- d-----w- c:\users\Biagio\AppData\Roaming\vlc
2010-06-11 10:10 . 2010-06-11 10:10 -------- d-----w- c:\program files\VideoLAN
2010-06-10 21:54 . 2010-06-20 09:25 -------- d-----w- c:\users\Biagio\AppData\Local\Microsoft Games
2010-06-10 20:05 . 2010-06-10 20:05 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-10 19:53 . 2010-06-19 18:06 -------- d-----w- c:\users\Biagio\Tracing
2010-06-10 19:51 . 2010-06-10 19:51 -------- d-----w- c:\program files\Microsoft
2010-06-10 19:50 . 2010-06-10 19:50 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-06-10 19:50 . 2010-06-10 19:51 -------- d-----w- c:\program files\Windows Live
2010-06-10 18:29 . 2010-06-10 18:29 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-10 17:30 . 2009-11-25 09:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-10 17:30 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-10 17:30 . 2010-06-10 17:30 -------- d-----w- c:\programdata\Avira
2010-06-10 17:30 . 2010-06-10 17:30 -------- d-----w- c:\program files\Avira
2010-06-10 17:21 . 2010-06-10 18:29 108824 ----a-w- c:\users\Biagio\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-10 17:15 . 2010-06-10 17:15 -------- d-----w- c:\program files\VS Revo Group
2010-06-10 17:15 . 2010-06-14 10:20 -------- d-----w- c:\windows\system32\Macromed
2010-06-10 17:08 . 2008-11-10 09:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-06-10 17:08 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-06-10 17:07 . 2010-06-10 18:24 -------- d-----w- c:\program files\Microsoft Works
2010-06-10 17:06 . 2010-07-08 09:00 -------- d-----w- c:\windows\PCHEALTH
2010-06-10 17:06 . 2010-06-10 17:06 -------- d-----w- c:\program files\Microsoft.NET
2010-06-10 17:05 . 2010-06-10 17:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-06-10 17:04 . 2010-06-10 17:04 -------- d-----w- c:\users\Biagio\AppData\Local\Microsoft Help
2010-06-10 17:04 . 2010-06-10 18:29 -------- d-----w- c:\programdata\Microsoft Help
2010-06-10 17:04 . 2010-06-10 17:04 -------- d-----r- C:\MSOCache
2010-06-10 17:02 . 2010-06-10 17:02 -------- d-----w- c:\program files\abgx360
2010-06-10 17:00 . 2010-06-10 17:00 -------- d-----w- c:\program files\Common Files\PC SOFT
2010-06-10 16:58 . 2010-06-10 16:58 -------- d-----w- c:\program files\MKVtoolnix
2010-06-10 16:58 . 2010-06-10 16:59 -------- d-----w- c:\program files\360WavesPatcher
2010-06-10 16:53 . 2010-06-19 12:23 -------- d-----w- c:\users\Biagio\AppData\Local\ElevatedDiagnostics
2010-06-10 16:45 . 2010-06-10 15:57 -------- d-----w- c:\windows\Panther
2010-06-10 16:44 . 2010-06-10 16:44 -------- d-----w- c:\programdata\eMule
2010-06-10 16:43 . 2010-06-10 16:45 -------- d-----w- c:\users\Biagio\AppData\Local\eMule
2010-06-10 16:43 . 2010-06-10 16:43 -------- d-----w- c:\program files\eMule
2010-06-10 16:35 . 2010-07-07 17:08 -------- d-----w- c:\program files\JDownloader
2010-06-10 16:34 . 2010-06-10 16:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-06-10 16:34 . 2010-06-10 16:34 -------- d-----w- c:\program files\Java
2010-06-10 16:24 . 2010-06-10 16:24 -------- d-----w- c:\users\Biagio\AppData\Roaming\Nero
2010-06-10 16:24 . 2010-06-10 16:24 -------- d-----w- c:\programdata\Nero
2010-06-10 16:22 . 2010-06-10 16:22 -------- d-----w- c:\program files\Common Files\Nero
2010-06-10 16:22 . 2010-06-10 16:24 -------- d-----w- c:\program files\Nero
2010-06-10 16:13 . 2010-06-18 12:31 -------- d-----w- c:\programdata\NVIDIA
2010-06-10 16:13 . 2010-06-18 14:29 -------- d-sh--w- c:\windows\Installer
2010-06-10 16:13 . 2010-06-10 16:13 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-10 16:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-06-10 16:08 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-10 16:08 . 2010-05-21 12:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-10 16:08 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-06-10 16:05 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-10 16:05 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-10 16:00 . 2010-07-08 11:41 -------- d-----w- c:\windows\system32\wbem\Performance

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 11:41 . 2009-07-14 08:21 692090 ----a-w- c:\windows\system32\perfh010.dat
2010-07-08 11:41 . 2009-07-14 08:21 125396 ----a-w- c:\windows\system32\perfc010.dat
2010-06-10 17:07 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-06-10 16:15 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-10 15:58 . 2010-06-10 15:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-06-10 15:57 . 2010-06-10 15:57 -------- d-sh--we c:\programdata\Preferiti
2010-06-10 15:57 . 2010-06-10 15:57 -------- d-sh--we c:\programdata\Modelli
2010-06-10 15:57 . 2010-06-10 15:57 -------- d-sh--we c:\programdata\Menu Avvio
2010-06-10 15:57 . 2010-06-10 15:57 -------- d-sh--we c:\programdata\Documenti
2010-06-10 15:57 . 2010-06-10 15:57 -------- d-sh--we c:\programdata\Dati applicazioni
2010-06-10 15:57 . 2010-06-10 15:57 -------- d-sh--we c:\program files\File comuni
2010-05-27 07:24 . 2010-06-10 16:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-10 16:07 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 05:18 . 2010-06-10 16:07 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-01 14:49 . 2010-06-10 16:07 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 09:47 . 2010-04-29 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-04-29 09:47 . 2010-04-29 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-04-23 07:13 . 2010-06-10 16:07 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skb
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uftgytay

R3 {3355B94A-C921-48B0-BA8891380A37A53F};{3355B94A-C921-48B0-BA8891380A37A53F};c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 {3B929166-69B2-41A0-99DB63502F14A72E};{3B929166-69B2-41A0-99DB63502F14A72E};c:\windows\TEMP\5D43.tmp [x]
R3 {75D4E786-3147-460D-AB9F9F8264D6B5CE};{75D4E786-3147-460D-AB9F9F8264D6B5CE};c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 BthAudioHF;Bluetooth Hands-free Audio Service;c:\windows\system32\DRIVERS\BthAudioHF.sys [2009-12-21 43008]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1343400]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-09-28 18432]


--- Other Services/Drivers In Memory ---

*Deregistered* - mrdjucj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthaudiosvc REG_MULTI_SZ HFGService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
{75D4E786-3147-460D-AB9F9F8264D6B5CE}
{3355B94A-C921-48B0-BA8891380A37A53F}
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://[www].google.it/
uInternet Settings,ProxyServer = htt*=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
TCP: {91820DDA-6942-47C7-9FD5-8BE4C24F575C} = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-{CACC6570-5C9C-4EAA-6E76-6F4D6B5D1AD2} - c:\users\Biagio\AppData\Roaming\Ywuw\zyapi.exe
MSConfigStartUp-Tvuqe - c:\users\Biagio\AppData\Local\PHadDEn.dll
MSConfigStartUp-{CACC6570-5C9C-4EAA-6E76-6F4D6B5D1AD2} - c:\users\Biagio\AppData\Roaming\Ywuw\zyapi.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, htt*://[www].gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85BD3EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0x53706341
DeleteProcedure -> 0x4080002
ParseProcedure -> 0xee657645
user & kernel MBR OK
copy of MBR has been found in sector 0x01D385800
malicious code sector 0x01D385803 !
PE file found in sector at 0x01D385819 !

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{3355B94A-C921-48B0-BA8891380A37A53F}]
"ServiceDll"="c:\users\Biagio\AppData\Local\Temp\F1E5.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{3B929166-69B2-41A0-99DB63502F14A72E}]
"ImagePath"="\??\c:\windows\TEMP\5D43.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{75D4E786-3147-460D-AB9F9F8264D6B5CE}]
"ServiceDll"="c:\users\Biagio\AppData\Local\Temp\F1E5.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrdjucj]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2010-07-08 13:48:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 11:48

Pre-Run: 234.790.334.464 bytes free
Post-Run: 234.930.372.608 bytes free

- - End Of File - - F7DD3142D032D31605CB6F84F6F70818
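Beyond the files ComboFix deleted, the report above shows settings and registrations that a responder should check one by one: three GUID-named services whose ServiceDll or ImagePath points into a Temp directory (two of them registered as svchost NetSvcs groups, so they load inside a legitimate svchost.exe), an HTTP proxy on 127.0.0.1:5577 that routes every browser request through a local process, and UAC fully switched off (EnableLUA=0, all prompt behaviours 0) under policies\system. The script below is an added example, not part of the thread or of ComboFix: it parses the REGEDIT4-style key/value blocks, the `R3/S2 name;description;path [info]` service lines and the `uInternet Settings,ProxyServer` line, and raises an alert for each of those four patterns. The sample report is constructed from the shape of the log above, with the forum's masked `htt*=` spelled out as `http=`; the category names are this example's own.

```python
"""Audit of the registry/service section of a ComboFix report.

Added example, not part of the thread or of ComboFix.  Flags service
binaries under a Temp directory, GUID-named svchost service groups,
a proxy on localhost, and UAC switched off.
"""
import re

# Constructed sample shaped like the report in the thread.  The forum
# masked "http=" as "htt*=" in the proxy line; it is spelled out here.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R3 {3355B94A-C921-48B0-BA8891380A37A53F};{3355B94A-C921-48B0-BA8891380A37A53F};c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 {3B929166-69B2-41A0-99DB63502F14A72E};{3B929166-69B2-41A0-99DB63502F14A72E};c:\windows\TEMP\5D43.tmp [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

uInternet Settings,ProxyServer = http=127.0.0.1:5577

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{3355B94A-C921-48B0-BA8891380A37A53F}]
"ServiceDll"="c:\users\Biagio\AppData\Local\Temp\F1E5.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{3B929166-69B2-41A0-99DB63502F14A72E}]
"ImagePath"="\??\c:\windows\TEMP\5D43.tmp"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<proxy>.+)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}$")      # the GUIDs in the log are not well-formed, so no length check
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def clean_path(value):
    """Strip the quotes and the NT "\\??\\" prefix ComboFix prints around paths."""
    value = value.strip()
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]
    if value.startswith("\\??\\"):
        value = value[4:]
    return value


def parse_report(text):
    """Yield ("value"|"service"|"proxy", fields) for each recognised line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None                      # a blank line ends a REGEDIT4 block
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            yield "service", m.groupdict()
            continue
        m = PROXY_RE.match(line)
        if m:
            yield "proxy", m.groupdict()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield "value", {"key": key, **m.groupdict()}


def audit(text):
    """Return (category, detail) alerts in the order the evidence appears."""
    alerts = []
    for kind, d in parse_report(text):
        if kind == "service":
            if TEMP_DIR_RE.search(d["path"]):
                alerts.append(("temp_service", d["name"] + " -> " + d["path"]))
            if GUID_RE.match(d["name"]) and d["path"].lower().endswith("\\svchost.exe"):
                alerts.append(("guid_svchost_group", d["name"]))
        elif kind == "proxy":
            for entry in d["proxy"].split(";"):     # "http=host:port;https=..." form
                host = entry.split("=")[-1].split(":")[0].strip()
                if host in ("127.0.0.1", "localhost", "::1"):
                    alerts.append(("localhost_proxy", entry.strip()))
        elif kind == "value":
            key, name = d["key"].lower(), d["name"]
            if key.endswith("\\policies\\system") and name == "EnableLUA" and d["value"].split()[0] == "0":
                alerts.append(("uac_disabled", d["key"]))
            if name in ("ServiceDll", "ImagePath"):
                path = clean_path(d["value"])
                if TEMP_DIR_RE.search(path):
                    svc = d["key"].rsplit("\\", 1)[-1]
                    alerts.append(("temp_service", svc + " " + name + " -> " + path))
    return alerts


if __name__ == "__main__":
    for category, detail in audit(SAMPLE_REPORT):
        print(f"{category:20} {detail}")
```

Run it against a saved report with `audit(open(r"C:\ComboFix.txt").read())`. The alerts come out in evidence order; the localhost proxy and EnableLUA=0 are settings that have to be put back by hand once the binaries are gone, since the report above lists them but shows nothing resetting them.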

xbbx (New Member)
Posted 08/07/2010 20:02:38
If I run ComboFix, though, the rootkit in the %appdata% folder is still present. Do you have any solutions, please?
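The Stealth MBR rootkit detector section of the ComboFix report above says more than the file listings do: it found hooks on the disk device object's procedures, a copy of the MBR at sector 0x01D385800, malicious code three sectors later and a PE file further on. A responder's next check is to read sector 0 and that copy directly and compare them: a bootkit that overwrites the MBR keeps the partition table so the system still boots, parks the original sector elsewhere and loads it after its own code has run. The script below is an added example, not from the thread or from Gmer. It takes a raw disk and the LBA the detector printed, compares boot code and partition table of the two sectors and labels the result; the disk image embedded in it is constructed, with LBA 64 standing in for 0x01D385800, and the label names are this example's own.

```python
"""Compare sector 0 with a reported "copy of MBR" sector.

Added example, not from the thread or from Gmer.  The disk image built
below is constructed: the "infected" MBR at sector 0, the original
parked at LBA 64 (standing in for 0x01D385800 on the real disk).
"""
import io
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bootstrap code precedes the 4-byte disk signature
PTABLE_OFF = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR


def read_sector(disk, lba):
    """Read one 512-byte sector from a file-like object opened in binary mode."""
    disk.seek(lba * SECTOR)
    data = disk.read(SECTOR)
    if len(data) != SECTOR:
        raise ValueError(f"short read at LBA {lba:#x}")
    return data


def partition_table(sector):
    return [sector[PTABLE_OFF + 16 * i: PTABLE_OFF + 16 * (i + 1)] for i in range(4)]


def compare_mbr(disk, copy_lba):
    """Compare the live MBR (LBA 0) with the sector the detector pointed at."""
    live, backup = read_sector(disk, 0), read_sector(disk, copy_lba)
    return {
        "both_signed": live[510:] == SIGNATURE and backup[510:] == SIGNATURE,
        "same_partition_table": partition_table(live) == partition_table(backup),
        "same_boot_code": live[:BOOT_CODE_LEN] == backup[:BOOT_CODE_LEN],
    }


def assess(result):
    if not result["both_signed"]:
        return "not-an-mbr"           # the reported sector is not a boot sector at all
    if result["same_boot_code"] and result["same_partition_table"]:
        return "identical"            # a plain copy, nothing was replaced
    if result["same_partition_table"]:
        return "bootkit-pattern"      # partitions kept, boot code swapped out
    return "unrelated"


def build_mbr(boot_code, disk_id=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR with one bootable type-0x07 partition entry (constructed data)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x90")[:BOOT_CODE_LEN]
    entry = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF]) + struct.pack("<II", 2048, 1_000_000)
    return code + disk_id + b"\x00\x00" + entry + b"\x00" * 48 + SIGNATURE


def constructed_image(copy_lba=64):
    """Infected MBR at sector 0, the original parked at copy_lba, zeros in between."""
    original = build_mbr(b"\xfa\x31\xc0\x8e\xd8\x8e\xd0\xbc\x00\x7c")   # typical boot prologue
    infected = build_mbr(b"\xeb\x00\x90\xe8\x00\x00\x00\x00")          # a different loader stub
    return io.BytesIO(infected + b"\x00" * (SECTOR * (copy_lba - 1)) + original)


if __name__ == "__main__":
    img = constructed_image()
    res = compare_mbr(img, 64)
    print(res, "->", assess(res))
```

On the real machine the same functions take the physical disk (for example `open(r"\\.\PhysicalDrive0", "rb")` from an elevated prompt) and `0x01D385800` as the LBA. Do the read from offline boot media rather than the running system: the hooks the detector lists sit in the disk I/O path, and a rootkit that filters reads there can hand back the clean copy for sector 0, which is also why a file-level cleanup from inside Windows, as in the post above, leaves the infection in place.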
© Nazzareno Schettino