Zbot trojan could you help me please?

Post by trammina » March 30th, 2011, 4:57 am

Hello, the online bank has informed me that I have a virus or malware called Zbot. I did many scans with different anti-virus programs, Windows Defender and Malwarebytes ... even in safe mode, but Zbot is not found. Then I used ComboFix. This is the report:

ComboFix 11-03-29.01 - Erika 29/03/2011 23:02:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3894.2733 [GMT 2:00]
Eseguito da: c:\users\Erika\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Erika\AppData\Local\GamePlayLabs Plugin\BHO.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-28 al 2011-03-29 )))))))))))))))))))))))))))))))))))
.
.
2011-03-29 21:06 . 2011-03-29 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-28 19:54 . 2011-03-28 19:54 -------- d--h--w- c:\programdata\Common Files
2011-03-28 19:53 . 2011-03-28 23:11 -------- d-----w- c:\programdata\AVG10
2011-03-28 19:47 . 2011-03-28 19:53 -------- d-----w- c:\programdata\MFAData
2011-03-28 19:27 . 2011-03-28 19:27 -------- d-----w- c:\program files\CCleaner
2011-03-28 18:20 . 2011-03-28 19:38 -------- d-----w- c:\programdata\PC Tools
2011-03-27 01:20 . 2004-06-02 11:19 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-03-27 01:20 . 2004-05-30 10:13 106609 ----a-w- c:\windows\SysWow64\MaJUtilLib.dll
2011-03-27 01:20 . 2004-03-22 07:14 49152 ----a-r- c:\windows\SysWow64\MaJGUILib.dll
2011-03-23 21:24 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-23 21:24 . 2011-03-23 21:24 -------- d-----w- c:\programdata\Malwarebytes
2011-03-23 21:24 . 2011-03-23 21:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-23 21:24 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-22 09:16 . 2011-02-02 17:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-03-19 12:23 . 2011-03-19 12:23 -------- d-----w- c:\programdata\TomTom
2011-03-19 12:23 . 2011-03-19 12:23 -------- d-----w- c:\program files (x86)\TomTom International B.V
2011-03-19 12:22 . 2011-03-19 12:23 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2011-03-19 12:22 . 2011-03-19 12:22 -------- d-----w- c:\program files (x86)\TomTom DesktopSuite
2011-03-19 10:02 . 2011-03-19 10:02 -------- d-----w- c:\program files (x86)\MarkAny
2011-03-19 10:02 . 2011-03-19 10:02 -------- d-----w- c:\program files (x86)\Samsung
2011-03-19 10:00 . 2011-03-19 10:00 -------- d-----w- C:\Manual-PCProgram
2011-03-19 08:14 . 2011-03-19 08:14 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-03-17 09:13 . 2009-12-21 01:42 90624 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-17 09:13 . 2011-03-17 09:13 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-03-16 12:05 . 2011-03-16 12:05 -------- d-----w- c:\windows\it
2011-03-16 11:59 . 2011-03-16 11:59 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-16 11:59 . 2010-09-22 23:36 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-16 11:58 . 2011-03-16 11:59 -------- d-----w- c:\program files\Windows Live
2011-03-16 11:58 . 2009-09-04 16:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-03-16 11:58 . 2009-09-04 16:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-03-16 11:58 . 2009-09-04 16:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-03-16 11:58 . 2009-09-04 16:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-16 11:57 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-16 11:57 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-16 11:57 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2011-03-16 11:57 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2011-03-16 11:57 . 2011-03-16 11:57 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\40031b001cbe3d106\InstallManager_WLE_WLE.exe
2011-03-16 11:56 . 2011-03-16 11:56 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\35c35bf51cbe3d105\MeshBetaRemover.exe
2011-03-16 11:56 . 2011-03-16 11:56 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\32cf65431cbe3d104\DSETUP.dll
2011-03-16 11:56 . 2011-03-16 11:56 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\32cf65431cbe3d104\DXSETUP.exe
2011-03-16 11:56 . 2011-03-16 11:56 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\32cf65431cbe3d104\dsetup32.dll
2011-03-16 11:56 . 2011-03-16 11:56 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d8679541cbe3d103\DSETUP.dll
2011-03-16 11:56 . 2011-03-16 11:56 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d8679541cbe3d103\DXSETUP.exe
2011-03-16 11:56 . 2011-03-16 11:56 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2d8679541cbe3d103\dsetup32.dll
2011-03-15 20:07 . 2011-03-15 20:07 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-03-14 07:16 . 2011-03-14 07:16 -------- d-----r- c:\program files (x86)\Skype
2011-03-14 07:16 . 2011-03-14 07:16 -------- d-----w- c:\programdata\Skype
2011-03-10 22:55 . 2011-03-10 22:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-03-10 20:24 . 2011-03-10 20:24 -------- d-----w- c:\program files (x86)\Native Instruments
2011-03-10 20:24 . 2006-07-11 15:16 61440 ----a-w- c:\windows\SysWow64\NI_DFD_1_4.dll
2011-03-10 20:24 . 2006-05-19 15:54 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_1.dll
2011-03-10 20:24 . 2005-04-04 17:00 393216 ----a-w- c:\windows\SysWow64\NI_IRC_1_0_3.dll
2011-03-10 20:23 . 2011-03-10 20:24 -------- d-----w- c:\program files (x86)\Finale GPO 2.0
2011-03-10 20:23 . 2011-03-10 20:23 -------- d-----w- C:\PSFonts
2011-03-10 20:23 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe
2011-03-10 20:22 . 2011-03-10 20:23 -------- d-----w- c:\program files (x86)\Finale 2007
2011-03-10 18:53 . 2011-03-10 18:53 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-03-10 08:50 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-03-10 08:50 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-03-10 08:49 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-03-10 08:49 . 2009-10-10 02:41 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2011-03-10 08:49 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-03-10 08:49 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-10 08:20 . 2011-03-10 08:20 -------- d-----w- c:\windows\SysWow64\Wat
2011-03-10 08:20 . 2011-03-10 08:20 -------- d-----w- c:\windows\system32\Wat
2011-03-10 00:15 . 2011-03-10 00:15 -------- d-----w- c:\users\Public\CyberLink
2011-03-09 20:33 . 2011-03-09 20:33 -------- d-----w- c:\programdata\Recovery
2011-03-09 17:54 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-09 17:54 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-03-09 17:54 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-03-09 17:54 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-03-09 17:54 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-03-09 17:54 . 2009-11-25 11:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-09 17:54 . 2009-11-25 11:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-09 17:54 . 2009-11-25 11:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-03-09 17:54 . 2009-11-25 11:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-09 17:54 . 2009-11-25 11:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-03-09 17:54 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-09 17:50 . 2009-12-11 10:29 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-03-09 17:50 . 2009-12-11 09:24 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2011-03-09 17:50 . 2009-12-11 07:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-03-09 17:50 . 2009-12-11 07:36 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2011-03-09 17:50 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-03-09 17:50 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-03-09 17:50 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-03-09 17:50 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2011-03-09 17:50 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2011-03-09 17:50 . 2010-09-01 05:12 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-09 17:39 . 2011-02-23 15:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-09 17:38 . 2011-03-28 19:43 -------- d-----w- c:\programdata\AVAST Software
2011-03-09 17:23 . 2011-03-09 17:23 -------- d-----w- C:\Intel
2011-03-09 12:11 . 2011-03-09 12:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-09 12:10 . 2011-03-26 00:12 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-09 12:08 . 2011-03-09 12:08 -------- d-----w- c:\program files (x86)\Static Windows Live Mail Backup
2011-03-09 11:57 . 2011-03-09 11:57 -------- d-----w- c:\program files\Symantec
2011-03-09 11:38 . 2011-03-09 11:38 -------- d-----w- c:\users\Public\Symantec
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 10:01 . 2009-07-21 11:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-03-16 12:08 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-09 12:03 . 2010-02-11 04:02 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-10-08 322104]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SMSTray"="c:\program files (x86)\Samsung\EmoDio\SMSTray.exe" [2009-03-21 484888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 11:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-23 c:\windows\Tasks\HPCeeScheduleForErika.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 5977600]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-11 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2418376
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Invia a Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\17c3by8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/webhp?client=firef ... con+Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WildTangent hp Master Uninstall - c:\program files (x86)\HP Games\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WT065226 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT065277 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT065290 - c:\program files (x86)\HP Games\Mah Jong Medley\Uninstall.exe
AddRemove-WT065295 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT065296 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT065297 - c:\program files (x86)\HP Games\Super Collapse 3\Uninstall.exe
AddRemove-WT065305 - c:\program files (x86)\HP Games\Virtual Villagers - The Secret City\Uninstall.exe
AddRemove-WT065307 - c:\program files (x86)\HP Games\World of Goo\Uninstall.exe
AddRemove-WT065308 - c:\program files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe
AddRemove-WT065414 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT065426 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT065446 - c:\program files (x86)\HP Games\Peggle\Uninstall.exe
AddRemove-WT065454 - c:\program files (x86)\HP Games\Slingo Deluxe\Uninstall.exe
AddRemove-WT065459 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT074389 - c:\program files (x86)\HP Games\Diner Dash\Uninstall.exe
AddRemove-WT074421 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT074441 - c:\program files (x86)\HP Games\THE GAME OF LIFE\Uninstall.exe
AddRemove-WT074442 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT074585 - c:\program files (x86)\HP Games\Yahtzee\Uninstall.exe
AddRemove-WT075041 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe
AddRemove-WT075046 - c:\program files (x86)\HP Games\StoneLoops of Jurassica\Uninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-03-29 23:07:42
ComboFix-quarantined-files.txt 2011-03-29 21:07
.
Pre-Run: 159.784.939.520 byte disponibili
Post-Run: 159.682.613.248 byte disponibili
.
- - End Of File - - 86D22FF4B608212EBD8BE5925D958F8A
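The log above is raw ComboFix output, and helpers read it by eye: the "Files Creati" section lists each entry's appearance time, the file's own last-write time, size, attributes and path, and the Run-key blocks list autostart values with their file date and size. As an added example that is not part of this thread and not ComboFix's own tooling, the Python below parses those two sections and applies two simple triage rules a reviewer would apply by hand: an executable that landed in a system directory and was itself written only days before it appeared (vendor files usually carry an old build date), and a Run value whose target lives outside Program Files or Windows. The sample lines are copied from the log in this thread except for the two entries whose names contain "constructed", which are made up so that the rules have something to flag; the rule thresholds and the trusted-prefix list are this example's own assumptions, not anything ComboFix or the forum defines.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample in ComboFix's report layout. The directory line, the four
# vendor binaries and the two HP/TomTom Run entries are copied from the log in
# this thread; the two entries whose names contain "constructed" are made up
# for this example so that the triage rules below have something to flag.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2011-02-28 al 2011-03-29 )))))))))))))))))))))))))))))))))))
.
2011-03-29 21:06 . 2011-03-29 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-28 10:00 . 2011-03-28 10:00 51200 ----a-w- c:\windows\SysWow64\constructed_sample.dll
2011-03-27 01:20 . 2004-06-02 11:19 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2011-03-23 21:24 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-17 09:13 . 2009-12-21 01:42 90624 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-16 11:57 . 2011-03-16 11:57 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\40031b001cbe3d106\InstallManager_WLE_WLE.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"constructed_entry"="c:\users\Erika\AppData\Roaming\constructed_sample.exe" [2011-03-28 51200]
"""


@dataclass
class FileEntry:
    created: datetime    # first timestamp: when the entry appeared on disk
    modified: datetime   # second timestamp: the file's own last-write time
    size: Optional[int]  # None for directories (ComboFix prints "--------")
    attrs: str           # attribute flags such as "----a-w-" or "d-----w-"
    path: str


@dataclass
class RunEntry:
    key: str   # registry key the value was read from
    name: str  # value name
    path: str  # program the value starts


# "created . modified size attrs path"; size is 8 dashes for a directory.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def parse_report(text: str) -> Tuple[List[FileEntry], List[RunEntry]]:
    """Pull file-created entries and Run values out of a ComboFix-style report."""
    files: List[FileEntry] = []
    runs: List[RunEntry] = []
    current_key = ""
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key")
        elif m := FILE_RE.match(line):
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            files.append(FileEntry(_ts(m.group("created")), _ts(m.group("modified")),
                                   size, m.group("attrs"), m.group("path")))
        elif m := RUN_RE.match(line):
            runs.append(RunEntry(current_key, m.group("name"), m.group("path")))
    return files, runs


# Assumptions of this example, not ComboFix settings: which directories count
# as "system", which autostart locations are trusted, and what counts as fresh.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
TRUSTED_RUN_PREFIXES = (r"c:\program files", r"c:\windows")
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")


def triage(files: List[FileEntry], runs: List[RunEntry],
           fresh_window: timedelta = timedelta(days=7)) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for entries a reviewer should look at first."""
    findings: List[Tuple[str, str]] = []
    for f in files:
        p = f.path.lower()
        if not p.endswith(EXEC_EXT) or not p.startswith(SYSTEM_DIRS):
            continue
        # Vendor binaries dropped into system dirs usually carry an old build
        # date; one written moments before it appeared deserves a closer look.
        if f.created - f.modified <= fresh_window:
            findings.append(("fresh-system-binary", f.path))
    for r in runs:
        if not r.path.lower().startswith(TRUSTED_RUN_PREFIXES):
            findings.append(("run-from-user-writable", f"{r.name} -> {r.path}"))
    return findings


def triage_report(text: str) -> List[Tuple[str, str]]:
    files, runs = parse_report(text)
    return triage(files, runs)


if __name__ == "__main__":
    for rule, detail in triage_report(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

Both rules are starting points for a human review, not verdicts: a Run value under Program Files says nothing about what the file does, and a freshly built driver in system32 is exactly what a legitimate scanner install also looks like, which is why the forum asks for the complete DDS logs rather than judging from one section.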

Re: Zbot trojan could you help me please?

Post by Cypher » March 30th, 2011, 5:38 am

Please familiarize yourself with the forum rules: Forum Posting Rules - Please Read

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own (especially without the Recovery Console installed) is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

In order for us to help you it is necessary that you provide us with DDS logs (DDS.txt and Attach.txt). Please follow the guideline at the link below to start a new topic and post your logs. Also include your ComboFix log in the same post.

This topic is now closed. Please start a new topic by following the Guideline for posting your DDS logs.

