AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-25 al 2012-05-25 )))))))))))))))))))))))))))))))))))
.
.
2012-05-25 16:15 . 2012-05-25 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-25 16:15 . 2012-05-25 16:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-25 08:25 . 2012-05-14 23:43 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2077FBF7-6C9E-4A0F-B014-4124C11C643C}\mpengine.dll
2012-05-24 18:12 . 2012-05-25 15:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-24 18:12 . 2012-05-24 18:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-23 13:58 . 2012-02-23 08:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-23 13:40 . 2012-05-23 13:40 -------- d-----w- c:\users\GM\AppData\Roaming\Avira
2012-05-23 13:39 . 2012-05-23 14:18 91968 ----a-w- c:\windows\system32\drivers\avfwim.sys
2012-05-23 13:39 . 2012-05-23 14:18 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-23 13:39 . 2012-05-23 14:18 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-23 13:39 . 2012-05-23 14:18 112032 ----a-w- c:\windows\system32\drivers\avfwot.sys
2012-05-23 13:39 . 2011-10-11 12:53 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-05-23 13:39 . 2012-05-23 13:40 -------- d-----w- c:\programdata\Avira
2012-05-23 13:39 . 2012-05-23 13:39 -------- d-----w- c:\program files\Avira
2012-05-23 13:15 . 2012-05-25 16:15 -------- d-----w- c:\users\GM\AppData\Local\temp
2012-05-16 08:19 . 2012-05-16 08:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-05-15 22:35 . 2012-05-15 22:35 -------- d-----w- c:\users\GM\AppData\Roaming\Malwarebytes
2012-05-15 22:35 . 2012-05-16 09:44 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 22:35 . 2012-05-15 22:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-15 22:35 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 10:00 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 10:00 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 10:00 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 10:00 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 10:00 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 09:59 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 09:59 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 09:59 . 2012-04-02 02:43 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 09:59 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:59 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:59 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 09:59 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 09:59 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 09:59 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-07 08:28 . 2012-05-22 15:42 -------- d-----w- c:\users\GM\AppData\Roaming\DC++
2012-05-07 08:28 . 2012-05-22 15:42 -------- d-----w- c:\users\GM\AppData\Local\DC++
2012-05-07 08:24 . 2012-05-07 08:25 -------- d-----w- c:\program files\DC++
2012-05-05 14:19 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2012-05-05 11:08 . 2012-05-05 11:08 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2012-05-04 15:50 . 2012-05-04 15:50 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-26 15:39 . 2012-04-26 15:40 -------- d-----w- c:\users\GM\AppData\Roaming\Edqaun
2012-04-26 15:39 . 2012-04-26 15:39 -------- d-----w- c:\users\GM\AppData\Roaming\Apqud
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 05:53 . 2012-04-25 11:48 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-25 11:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-25 11:48 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-25 11:48 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-25 11:50 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-25 11:50 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-25 11:50 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-25 11:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-21 01:18 . 2012-05-04 15:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar_IT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1}"= "c:\program files\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-07-23 1755960]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-23 348624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/it.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctMTI3ODQ4Njk0NC1ERFQrNDI5NDk0OTk1NC1GTDEwKzEtVFVHKzMtU1VQKzEtREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkVUKzEtVEIrMS1VMTArMS1GMTBUQisyLVNUMTBUQkYrMQ&prod=55&ver=10.0.1424" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 cpuz134;cpuz134;c:\users\GM\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-05-16 40776]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 vpcuxd;Servizio stub virtualizzazione USB;c:\windows\system32\DRIVERS\vpcuxd.sys [2009-09-23 12800]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1343400]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-23 112032]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-23 619472]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2012-05-23 375760]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-23 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-23 465360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-23 91968]
S3 yukonw7;Driver miniport NDIS6.2 per controller Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
freepops
axsnmsvc
advantage
SRVLOC
ifp800
WmVirHid
fgdxbus
acmservice
hpqwmiex
ProcObsrv
AVWLP_USB
csctl50
cpuidlep
VX1000
BTSLBCSP
LPCFilter
PSI_SVC_2
ati2mtaa
clr_optimization_v2.0.50215_32
mbackmonitor
appnnode
IntuitUpdateService
mi-raysat_3dsMax2008_32
dlpwd
vcsw
U81xobex
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Cerca nel web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CCA6DC43-77E0-4026-AC87-7F100BECA733}: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\GM\AppData\Roaming\Mozilla\Firefox\Profiles\4s1fob9y.default\
FF - prefs.js: browser.startup.homepage - http://www.virgilio.it
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcefbae01-5ba7-4900-913e-de20a3153113%7D&mid=1ae87b56d9314842b973dd0619525f12-731045572bf46aa7e679ba2b87c0664067ed7a66&ds=AVG&v=10.0.0.7&lang=it&pr=fr&d=2011-12-10%2011%3A39%3A08&sap=ku&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-05-25 18:18:15
ComboFix-quarantined-files.txt 2012-05-25 16:18
ComboFix2.txt 2012-05-23 13:22
.
Pre-Run: 177.192.976.384 byte disponibili
Post-Run: 176.909.172.736 byte disponibili
.
- - End Of File - - 71855BD498EE7E63AEE8370C5C7AFF65
Running from "C:\Users\GM\Desktop"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-10 12:00] - [2012-03-30 12:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED
C:\Windows\system32\dnsrslvr.dll
[2011-07-08 20:39] - [2011-03-03 07:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
C:\Windows\system32\mpssvc.dll
[2009-07-14 01:53] - [2009-07-14 03:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E
C:\Windows\system32\bfe.dll
[2009-07-14 01:54] - [2009-07-14 03:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 01:23] - [2009-07-14 03:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446
C:\Windows\system32\vssvc.exe
[2009-07-14 01:24] - [2009-07-14 03:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C
C:\Windows\system32\wscsvc.dll
[2011-07-08 20:37] - [2010-12-21 07:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 02:15] - [2009-07-14 03:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1
C:\Windows\system32\qmgr.dll
[2009-07-14 01:30] - [2009-07-14 03:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
========== reg ==========
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
"DisplayName"="@%SystemRoot%\system32\dhcpcore.dll,-100"
"Group"="TDI"
"ImagePath"="%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted"
"Description"="@%SystemRoot%\system32\dhcpcore.dll,-101"
"ObjectName"="NT Authority\LocalService"
"ErrorControl"= 0x0000000001 (1)
"Start"= 0x0000000002 (2)
"Type"= 0x0000000020 (32)
"DependOnService"="NSI Tdx Afd"
"ServiceSidType"= 0x0000000001 (1)
"RequiredPrivileges"="SeChangeNotifyPrivilege SeCreateGlobalPrivilege"
"FailureActions"=80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 c0 d4 01 00 01 00 00 00 e0 93 04 00 00 00 00 00 00 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Configurations]
"Options"=32 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ff ff ff 7f 00 00 00 00 01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ff ff ff 7f 00 00 00 00 (REG_BINARY)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Linkage]
(No values found)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Linkage\Disabled]
(No values found)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters]
"ServiceDll"="C:\Windows\system32\dhcpcore.dll"
"ServiceDllUnloadOnStop"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options]
(No values found)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\1]
"KeyType"= 0x0000000007 (7)
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpSubnetMaskOpt SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpSubnetMaskOpt"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\15]
"KeyType"= 0x0000000001 (1)
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDomain SYSTEM\CurrentControlSet\Services\TcpIp\Parameters\DhcpDomain"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\220]
"KeyType"= 0x0000000003 (3)
"RegSendLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\SoHRequest"
"VendorType"= 0x0000000001 (1)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\3]
"KeyType"= 0x0000000007 (7)
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpDefaultGateway SYSTEM\CurrentControlSet\Services\?\Parameters\Tcpip\DhcpDefaultGateway"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\44]
"KeyType"= 0x0000000001 (1)
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNameServerList SYSTEM\CurrentControlSet\Services\NetBT\Adapters\?\DhcpNameServer"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\46]
"KeyType"= 0x0000000004 (4)
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpNodeType"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\47]
"KeyType"= 0x0000000001 (1)
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\DhcpScopeID"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\6]
"KeyType"= 0x0000000001 (1)
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\?\DhcpNameServer SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parameters\Options\DhcpNetbiosOptions]
"KeyType"= 0x0000000004 (4)
"OptionId"= 0x0000000001 (1)
"VendorType"= 0x0000000001 (1)
"RegLocation"="SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_?\DhcpNetbiosOptions"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parametersv6]
"DllName"="%SystemRoot%\system32\dhcpcore6.dll"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parametersv6\Options]
(No values found)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parametersv6\Options\23]
"KeyType"= 0x0000000003 (3)
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\?\Dhcpv6DNSServers SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Dhcpv6DNSServers"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Parametersv6\Options\24]
"KeyType"= 0x0000000003 (3)
"RegLocation"="SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\?\Dhcpv6DomainSearchList SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Dhcpv6DomainSearchList"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dhcp\Security]
"Security"=01 00 14 80 a4 00 00 00 b0 00 00 00 14 00 00 00 30 00 00 00 02 00 1c 00 01 00 00 00 02 80 14 00 ff 01 0f 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 74 00 05 00 00 00 00 00 14 00 8d 01 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 18 00 fd 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2c 02 00 00 00 00 18 00 ff 01 0f 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 9d 01 02 00 01 01 00 00 00 00 00 02 01 00 00 00 00 00 14 00 fd 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 (REG_BINARY)
[HKLM \System\CurrentControlSet\Services\Tcpip]
Hive unrecognized.
-= EOF =-
SystemLook 30.07.11 by jpshortstuff
Log created at 18:24 on 27/05/2012 by GM
Administrator - Elevation successful
========== folderfind ==========
Searching for "$NtUninstallKB*$"
C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB44207$ d------ [12:56 23/05/2012]
-= EOF =-
Host operation System: Windows Seven X86 version 6.1.7600
18:35:21 - CheckSystem - Begin to check system...
18:35:21 - OpenRootDrive - Opening system root volume and physical drive....
18:35:21 - C Root Drive: Disk number: 0 Start sector: 0x00030000 Partition Size: 0x1D195800 sectors.
18:35:21 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
18:35:21 - InstallAndStartDriver - Main driver was installed and now is running.
18:35:21 - CheckSystem - Disk class driver state is OK.
18:35:32 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
18:35:32 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
18:35:32 - Execution Ended!