Log Combofix

a guest
Jan 4th, 2014
ComboFix 14-01-04.03 - Maurizio 04/01/2014 17.26.57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1023.591 [GMT 1:00]
Eseguito da: c:\documents and settings\Maurizio\Documenti\Downloads\ComboFix.exe
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Maurizio\Dati applicazioni\facemoods.com
c:\documents and settings\Maurizio\Dati applicazioni\facemoods.com\facemoods\rprt\4AC16.upld
c:\documents and settings\Maurizio\Dati applicazioni\OfferBox
c:\documents and settings\Maurizio\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\cqsaa.dat
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\cqsaa.exe
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\cqsaa_nav.dat
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\cqsaa_navps.dat
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\xiscte.dat
c:\documents and settings\maurizio\impostazioni locali\dati applicazioni\xiscte.exe
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\xiscte_nav.dat
c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\xiscte_navps.dat
c:\documents and settings\Maurizio\WINDOWS
c:\programmi\FunWebProducts
c:\programmi\FunWebProducts\Shared\000CDD2C.dat
c:\programmi\Mozilla Firefox\extensions\[email protected]
c:\programmi\Mozilla Firefox\extensions\[email protected]\chrome.manifest
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\blgc.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\facemoods.png
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\facemoods.xul
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\Loader.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\pref.jpg
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\preferences.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\preferences.xul
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\prefman.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\script-compiler.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\Thumbs.db
c:\programmi\Mozilla Firefox\extensions\[email protected]\content\xmlhttprequester.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\defaults\preferences\facemoods.js
c:\programmi\Mozilla Firefox\extensions\[email protected]\install.rdf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\IsUn0410.exe
c:\windows\system32\dbghelp.dll.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETBD.tmp
c:\windows\UA000022.DLL
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Creati Da 2013-12-04 al 2014-01-04 )))))))))))))))))))))))))))))))))))
.
.
2014-01-04 16:00 . 2014-01-04 16:00 -------- dc----w- c:\documents and settings\Administrator
2014-01-01 17:49 . 2014-01-01 17:49 -------- dc----w- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\SearchProtect
2014-01-01 17:48 . 2014-01-01 17:48 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Auslogics
2014-01-01 17:47 . 2014-01-01 17:47 -------- d-----w- c:\programmi\Auslogics
2014-01-01 17:33 . 2014-01-01 17:33 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2014-01-01 17:33 . 2014-01-01 17:33 -------- d-----w- c:\programmi\TP-LINK
2014-01-01 17:33 . 2014-01-01 17:33 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\TP-LINK Driver
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TL-WN321G Wireless Utility.lnk - c:\programmi\TP-LINK\TL-WN321G\COMMON\TWCU.exe -s [2014-1-1 1298432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-03-03 11:00 335872 ----a-w- c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\BitTorrent\\bittorrent.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
S2 cgpystb;Boot Microsoft;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 derzfkdcg;Support Shell;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 kvsif;Update Helper;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 nqtmhds;Microsoft Manager;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 rcilqea;Monitor Security;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 wmklzow;Monitor Update;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 xhcrynga;uxaebynf;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S2 zcajq;Image Center;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
S3 iComp;Python2 USB WDM Encoder;c:\windows\system32\drivers\p2usbwdm.sys [31/07/2005 19.21.22 1183616]
S3 KMWDFILTERx86;MLK KM DRIVER;c:\windows\system32\drivers\KMWDFILTER.sys [22/05/2010 9.41.57 18432]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\Maurizio\IMPOST~1\Temp\mdxgthkn.sys --> c:\docume~1\Maurizio\IMPOST~1\Temp\mdxgthkn.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fangysb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-01 17:50 1210320 ----a-w- c:\programmi\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-14 c:\windows\Tasks\Driver Robot.job
- c:\programmi\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-30 12:53]
.
2014-01-04 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-21 13:52]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-05 13:55]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-04-05 13:55]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1078145449-839522115-1004Core.job
- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-14 17:07]
.
2014-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1078145449-839522115-1004UA.job
- c:\documents and settings\Maurizio\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-05-14 17:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = ;127.0.0.1;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file - c:\programmi\MP3 Player Utilities 3.74\MediaManager\grab.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-xiscte - c:\documents and settings\maurizio\impostazioni locali\dati applicazioni\xiscte.exe
AddRemove-xiscte - c:\documents and settings\maurizio\impostazioni locali\dati applicazioni\xiscte.exe
AddRemove-Techno Design IP Notify - c:\programmi\Techno Design IP\LiveSearch Notification.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-04 17:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cgpystb]
"ServiceDll"="c:\documents and settings\Maurizio\Dati applicazioni\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\derzfkdcg]
"ServiceDll"="c:\programmi\Internet Explorer\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kvsif]
"ServiceDll"="c:\windows\system32\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nqtmhds]
"ServiceDll"="c:\programmi\Movie Maker\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcilqea]
"ServiceDll"="c:\programmi\Internet Explorer\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wmklzow]
"ServiceDll"="c:\windows\system32\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xhcrynga]
"ServiceDll"="c:\windows\system32\qtyzf.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zcajq]
"ServiceDll"="c:\programmi\Movie Maker\qtyzf.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-1078145449-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3554563A-AF50-385D-FF36-F6A3A22263B8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaodlcnokahgepfdbjbkfboggmahkg"=hex:61,69,6d,62,6d,65,70,70,69,6d,68,6a,6a,64,
63,6f,6c,67,6b,6f,6f,67,62,6b,6e,6f,67,6e,67,69,66,69,6d,61,63,64,6d,64,68,\
"iahenplfcbpbphjngc"=hex:6b,61,64,61,6f,6a,61,65,62,65,70,6c,70,68,65,62,62,67,
66,6b,6c,6e,00,00
"hafehbkmdndmmhac"=hex:6b,61,64,61,6f,6a,61,65,62,65,70,6c,70,68,65,62,62,67,
66,6b,6c,6e,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2014-01-04 17:42:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-01-04 16:42
.
Pre-Run: 44.379.492.352 byte disponibili
Post-Run: 44.597.637.120 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2E4C21A75833CD7CD73D7F4A626D0872
828E02D5C4A4FBE53441EE9DBEE51F43