Today I downloaded the new version of Combofix and it ran with no problem.
My PC for daily use is protected by Norton Internet Security 2009.
One feature of NIS 2009 is that, although very light, it makes the virus definition updates in the background every 3-4 minutes, so practically in real time.
This is the Combofix log from this morning:
ComboFix 09-01-31.01 - Rohan 2009-02-01 10.01.42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1023.717 [GMT 1:00]
Eseguito da: c:\documents and settings\Enzo\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Creato nuovo punto di ripristino
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\winhelp.ini
.
((((((((((((((((((((((((( Files Creati Da 2009-01-01 al 2009-02-01 )))))))))))))))))))))))))))))))))))
.
2009-01-30 01:26 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-30 01:26 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-24 14:02 . 2009-01-24 14:02 <DIR> d-------- c:\programmi\Trend Micro
2009-01-23 12:22 . 2008-04-13 11:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-23 12:22 . 2008-04-13 11:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-23 12:21 . 2008-04-13 11:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-01-23 12:21 . 2008-04-13 11:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-01-23 12:20 . 2007-04-10 22:46 1,966,312 --a------ c:\windows\system32\drivers\VX1000.sys
2009-01-23 12:20 . 2007-04-10 22:46 709,992 --a------ c:\windows\vVX1000.exe
2009-01-23 12:20 . 2007-04-10 22:46 476,520 --a------ c:\windows\vVX1000.dll
2009-01-23 12:20 . 2007-04-10 22:46 202,088 --a------ c:\windows\system32\LCCoin14.dll
2009-01-23 12:20 . 2007-04-10 22:46 185,704 --a------ c:\windows\system32\cVX1000.dll
2009-01-23 12:20 . 2007-04-10 22:46 116,072 --a------ c:\windows\VX1000.dll
2009-01-23 12:20 . 2007-04-10 22:46 15,498 --a------ c:\windows\VX1000.ini
2009-01-23 12:20 . 2007-04-10 22:46 13,023 --a------ c:\windows\VX1000.src
2009-01-23 12:18 . 2009-01-23 12:18 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-23 12:18 . 2009-01-23 12:19 <DIR> d-------- c:\programmi\Microsoft LifeCam
2009-01-23 12:17 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-01-23 12:17 . 2006-09-28 16:05 237,848 --a------ c:\windows\system32\xactengine2_4.dll
2009-01-23 12:17 . 2006-07-28 09:30 236,824 --a------ c:\windows\system32\xactengine2_3.dll
2009-01-23 12:17 . 2006-09-28 16:04 68,888 --a------ c:\windows\system32\xinput1_3.dll
2009-01-23 12:17 . 2006-07-28 09:30 62,744 --a------ c:\windows\system32\xinput1_2.dll
2009-01-23 12:17 . 2006-09-28 16:03 15,128 --a------ c:\windows\system32\x3daudio1_1.dll
2009-01-22 15:25 . 2008-02-13 13:17 618,112 --a------ c:\windows\system32\drivers\PFC027.SYS
2009-01-22 14:53 . 2008-04-13 19:13 54,784 --a------ c:\windows\system32\vfwwdm32.dll
2009-01-22 14:53 . 2008-04-13 19:13 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2009-01-22 13:49 . 2009-01-22 13:49 <DIR> d-------- c:\documents and settings\Enzo\Dati applicazioni\ArcSoft
2009-01-22 13:21 . 2009-01-22 15:49 <DIR> d-------- c:\windows\PixArt
2009-01-22 13:21 . 2007-11-02 11:07 6,656 --a------ c:\windows\system32\CoInst_080213.dll
2009-01-22 12:15 . 2009-01-22 12:15 <DIR> d-------- c:\documents and settings\Enzo\Dati applicazioni\InstallShield
2009-01-21 12:46 . 2009-02-01 00:14 <DIR> d-------- c:\documents and settings\Enzo\Dati applicazioni\skypePM
2009-01-21 12:46 . 2009-01-21 12:46 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-21 12:43 . 2009-01-21 12:43 <DIR> d-------- c:\programmi\Skype
2009-01-21 12:43 . 2009-01-21 12:43 <DIR> d-------- c:\programmi\File comuni\Skype
2009-01-21 12:43 . 2009-02-01 02:28 <DIR> d-------- c:\documents and settings\Enzo\Dati applicazioni\Skype
2009-01-21 12:43 . 2009-01-21 12:43 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Skype
2009-01-21 09:27 . 2008-08-28 08:46 105,472 -----c--- c:\windows\system32\dllcache\win32spl.dll
2009-01-21 09:27 . 2008-08-28 08:46 74,752 -----c--- c:\windows\system32\dllcache\msw3prt.dll
2009-01-15 15:58 . 2009-01-15 15:58 <DIR> d-------- c:\programmi\Microsoft Baseline Security Analyzer 2
2009-01-15 15:58 . 2009-01-26 05:31 <DIR> d-------- c:\documents and settings\Enzo\SecurityScans
2009-01-14 22:43 . 2009-01-14 22:43 24,360 --a------ c:\windows\system32\drivers\ElbyCDIO.sys
2009-01-14 22:13 . 2009-01-14 22:13 93,352 --a------ c:\windows\system32\ElbyCDIO.dll
2009-01-13 23:51 . 2009-01-13 23:51 103,360 --a------ c:\windows\system32\drivers\AnyDVD.sys
2009-01-12 15:28 . 2009-01-10 12:47 9,849 --a------ c:\windows\system32\enzo.enz
2009-01-12 15:28 . 2009-01-17 17:46 5,120 --ahs---- c:\windows\system32\Thumbs.db
2009-01-09 14:20 . 2009-01-09 14:20 <DIR> d-------- C:\CloneDVDTemp
2009-01-05 08:08 . 2009-01-05 08:08 <DIR> d-------- c:\programmi\BHO Scanner & Remover
2009-01-02 09:48 . 2001-08-30 23:07 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-01-02 09:48 . 2001-08-30 23:07 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-01-02 09:48 . 2001-08-30 23:07 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-01-02 09:48 . 2001-08-30 23:07 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-01-02 09:48 . 2008-04-13 19:12 6,144 --a------ c:\windows\system32\kbd106.dll
2009-01-02 09:48 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-01-02 09:48 . 2001-08-17 22:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-01-02 09:48 . 2008-04-13 19:12 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-01-02 09:48 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-01-02 09:48 . 2001-08-17 22:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-01-02 09:48 . 2001-08-17 22:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-01-02 09:48 . 2001-08-17 22:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-01-01 19:49 . 2009-01-01 19:49 <DIR> d-------- c:\programmi\UPHClean
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 00:28 --------- d-----w c:\programmi\Total Uninstall
2009-01-25 00:30 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-01-22 14:56 --------- d--h--w c:\programmi\InstallShield Installation Information
2009-01-17 18:04 --------- d-----r c:\programmi\Norton Support
2009-01-15 11:41 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-03 00:56 --------- d-----w c:\programmi\CCleaner
2008-12-31 13:43 --------- d-----w c:\programmi\File comuni\eSellerate
2008-12-31 13:43 --------- d-----w c:\programmi\AnswersThatWork
2008-12-12 03:28 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-15 10:10 81,920 ----a-w c:\documents and settings\Enzo\Dati applicazioni\ezpinst.exe
2008-09-15 10:10 47,360 ----a-w c:\documents and settings\Enzo\Dati applicazioni\pcouffin.sys
2008-09-11 12:49 23 --sha-w c:\windows\system32\eafcca_z.dll
2008-09-10 19:03 32,768 --sha-w c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008091020080911\index.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus D68 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE" [2005-01-25 98304]
"LifeCam"="c:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
DSLMON.lnk - c:\programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe [2007-08-16 917600]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di Album.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Uninstaller PRO Installation Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC207_Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 c:\programmi\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoREX]
--a------ 2003-07-30 00:37 332288 c:\programmi\MemoRex\MemoRexStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:14 1695232 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08: 31... c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\programmi\File comuni\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NIC Monitor]
--a------ 2002-05-30 20:31 40960 c:\windows\system32\VNICMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"ScsiAccess"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NMIndexingService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2008-12-31 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2008-12-31 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090129.001\IDSxpx86.sys [2009-01-30 274808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-03 99376]
R4 Norton Internet Security;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2008-12-31 115560]
R4 PD91Agent;PD91Agent;c:\programmi\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2009-01-22 618112]
S3 PD91Engine;PD91Engine;c:\programmi\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 VNICPKT5;VNICPKT5 Protocol Driver;c:\windows\system32\VNICPKT5.sys [2007-08-16 16202]
--- Altri Servizi/Drivers In Memoria ---
*Deregistered* - uphcleanhlp
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\programmi\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 10:04:51
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-1644491937-1425521274-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\relog_ap.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Maxtor\Schedule2\schedul2.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\UPHClean\uphclean.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-02-01 10:07:57 - Il pc è stato riavviato [Enzo]
ComboFix-quarantined-files.txt 2009-02-01 09:07:54
Pre-Run: 71.575.719.936 byte disponibili
Post-Run: 71,539,060,736 byte disponibili
212 --- E O F --- 2009-01-14 08:14:28
I checked Combofix.exe with NIS 2009 and this is the summary of the scan.
NIS 2009 found 2 viruses, which I did not delete.
Statistiche scansione:
Durata scansione: 9 secondi
Opzioni di scansione:
Destinazioni scansione: D:\ZipFiles\AntiSpyware\Combo Fix\ComboFix.exe
Totali:
Totale elementi sottoposti a scansione: 120
- File e directory: 120
- Voci del Registro di sistema: 0
- Processi ed elementi di avvio: 0
- Elementi di rete e browser: 0
- Altro: 0
- File attendibili: 0
- File ignorati: 0
Totale rischi per la sicurezza rilevati: 2
Totale elementi risolti: 0
Totale elementi che richiedono attenzione: 2
Minacce risolte:
Minacce non risolte:
Rischi nel file compresso "ComboFix.exe"
Tipo: Compresso
Rischio: Alto (Alto Stealth, Alto Rimozione, Alto Prestazioni, Alto Privacy)
Categorie: Virus euristico
Stato: Non eseguito
File 2
d:\zipfiles\antispyware\combo fix\combofix.exe - Nessuna azione intrapresa
-----------
Norton Internet Security reports an internal error and does not work.
On my second PC, Avast does not allow me to download Combofix.
Help me
Hiro Joda