Log By Combofix Downloader.delf.12.an Problem


  • This topic is locked
1 reply to this topic

#1 libra00

libra00

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:23 PM

Posted 03 July 2008 - 05:33 AM

Please help me to remove Trojan Horse Downloader.delf.12.an from one computer on my network.

This is the log file I've received from the ComboFix setup.

Could you please verify it and help me? Thank you in advance.

Regards,

Antonio.

LOG:
ComboFix 08-07-01.3 - cbargagn 2008-07-03 10:32:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.191 [GMT 2:00]
Eseguito da: C:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-06-03 al 2008-07-03 )))))))))))))))))))))))))))))))))))
.

2008-07-02 17:28 . 2008-07-02 17:29 2,168,192 --a------ C:\ComboFix.exe
2008-07-02 14:54 . 2008-07-02 14:57 25,230,635 --a------ C:\u7iavi1530p6.bin
2008-07-02 13:46 . 2008-07-02 12:43 51,221,523 --a------ C:\5329xdat.exe
2008-07-02 11:04 . 2008-07-02 11:04 <DIR> d-------- C:\dat-5328
2008-07-02 11:04 . 2008-07-01 18:18 30,139,904 --a------ C:\dat-5328.zip
2008-07-02 10:48 . 2008-07-02 10:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-07-01 16:51 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-01 15:25 . 2008-07-01 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\2BrightSparks
2008-06-30 05:20 . 2008-06-30 05:20 31,755,454 --a------ C:\scan.dat
2008-06-30 05:20 . 2008-06-30 05:20 1,726,389 --a------ C:\clean.dat
2008-06-30 05:20 . 2008-06-30 05:20 878,903 --a------ C:\names.dat
2008-06-30 05:20 . 2008-06-30 05:20 51,200 --a------ C:\validate.exe
2008-06-30 05:20 . 2008-06-30 05:20 839 --a------ C:\packing.lst
2008-06-30 05:20 . 2008-06-30 05:20 714 --a------ C:\pkgdesc.ini
2008-06-27 15:49 . 2008-06-27 15:49 122,502 --a------ C:\MamutuSetup.exe
2008-06-27 15:36 . 2008-06-27 15:37 6,416,408 --a------ C:\SUPERAntiSpywarePro.exe
2008-06-27 15:11 . 2008-06-27 15:11 2,460,160 --a------ C:\vnlt6301.exe
2008-06-27 14:21 . 2008-06-27 14:10 13,380,712 --a------ C:\sdsetup.exe
2008-06-26 17:50 . 2008-06-26 17:50 <DIR> d-------- C:\Documents and Settings\cbargagn\Dati applicazioni\SpywareRemover
2008-06-26 17:25 . 2008-06-26 18:07 <DIR> d-------- C:\Programmi\NoAdware5.0
2008-06-26 17:14 . 2008-06-26 18:05 <DIR> d-------- C:\Programmi\XoftSpySE
2008-06-26 15:07 . 2008-06-26 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-06-26 15:05 . 2008-06-27 18:00 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-06-26 15:05 . 2008-06-27 18:00 <DIR> d-------- C:\Documents and Settings\cbargagn\Dati applicazioni\SUPERAntiSpyware.com
2008-06-26 12:26 . 2008-06-27 16:12 <DIR> d-------- C:\Programmi\Google
2008-06-26 11:46 . 2008-06-27 17:04 <DIR> d-------- C:\VEXPLITE
2008-06-26 11:46 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 17:50 . 2008-06-26 12:58 <DIR> d-------- C:\Programmi\a-squared Free
2008-06-25 17:14 . 2008-06-27 18:00 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-06-25 14:25 . 2008-07-02 17:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-25 13:53 . 2008-07-02 16:08 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-25 13:53 . 2008-07-02 16:08 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-25 13:53 . 2008-07-02 16:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-25 13:52 . 2008-07-03 08:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-25 13:52 . 2008-06-25 13:52 <DIR> d-------- C:\Programmi\AVG
2008-06-25 13:52 . 2008-06-25 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-06-25 13:24 . 2008-06-25 13:38 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-25 13:15 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002298_.tmp
2008-06-25 13:14 . 2004-08-03 22:43 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-25 12:50 . 2008-05-27 21:50 48,347,376 --a------ C:\avg_free_stf_all_8_100a1295.exe
2008-06-25 12:33 . 2008-02-20 11:29 188 --a------ C:\web_login.url
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\WINDOWS\Start Menu
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\WINDOWS\Favorites
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\Identities
2008-06-25 12:32 . 2008-06-25 12:32 <DIR> d-------- C:\Collegamenti
2008-06-25 11:45 . 2008-06-25 11:45 <DIR> d-------- C:\Documents and Settings\administrator.DOLE.IT.MIL\Dati applicazioni\PC Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 11:36 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-18 13:19 --------- d-----w C:\Documents and Settings\cbargagn\Dati applicazioni\AdobeUM
2008-06-06 07:01 --------- d-----w C:\Documents and Settings\cbargagn\Dati applicazioni\Nokia Multimedia Player
2007-03-19 13:46 17,408 ----a-w C:\Programmi\misura stanze.xls
2006-10-26 08:23 16,752 ----a-w C:\Documents and Settings\cbargagn\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7A0AB52-99D6-4EAD-99B4-C5817F4CAF35}]
2008-03-04 17:44 91904 --a------ C:\WINDOWS\System32\EqnClas.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]
"ShStatEXE"="C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 08:00 98304]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-12-10 11:09 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"McAfeeUpdaterUI"="C:\Programmi\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 16:06 136512]
"igfxtray"="C:\WINDOWS\System32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxpers"="C:\WINDOWS\System32\igfxpers.exe" [2005-09-20 10:36 114688]
"igfxhkcmd"="C:\WINDOWS\System32\hkcmd.exe" [2005-09-20 10:32 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 16:08 1232152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-07-01 17:01 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2004-08-19 15:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= msmsgs
"2"= msmsgs.exe
"3"= msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-707402437-1915618803-922709458-1099\Scripts\Logon\0\0]
"Script"=\\milsrv11\NETLOGON\ITAexpl\ITAexpl.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-707402437-1915618803-922709458-1146\Scripts\Logon\0\0]
"Script"=\\milsrv11\NETLOGON\ITAexpl\ITAexpl.cmd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 utncqkcu;utncqkcu;C:\WINDOWS\system32\drivers\hubysnlu.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 16:08]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 16:08]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 16:08]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 16:08]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-03 01:00:00 C:\WINDOWS\Tasks\SpywareRemover Scheduled Scan.job"
- C:\Programmi\SpywareRemover\SpywareRemover.ex
- C:\Programmi\SpywareRemover
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-03 10:35:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\utncqkcu]
"ImagePath"="system32\drivers\hubysnlu.dat"
.
Ora fine scansione: 2008-07-03 10:35:55
ComboFix-quarantined-files.txt 2008-07-03 08:35:51
ComboFix2.txt 2008-07-02 15:45:28
ComboFix3.txt 2008-07-02 15:35:21

17 Directory 70,791,589,888 byte disponibili
21 Directory 70,799,298,560 byte disponibili
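The service block of this log contains one entry a reviewer would single out by hand: a boot-start (R0) driver with a random-looking name, a `.dat` image path and empty timestamp brackets, while the AVG entries carry a vendor display name, a `.sys`/`.exe` image and a file timestamp. The snippet below is an added example, not part of the original post and not ComboFix's own code: it parses ComboFix service lines and attaches those indicators. The sample lines are copied from the log above; the flag rules and the "two or more flags" threshold are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# ComboFix lists services/drivers as:  R0 name;display name;image path [file timestamp]
# In the log above the brackets are empty for the hubysnlu.dat entry only.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)

@dataclass
class ServiceEntry:
    start: str      # R0 = boot start, R1 = system start, R2 = auto start
    name: str
    display: str
    path: str
    stamp: str
    flags: list = field(default_factory=list)

def triage_services(log: str) -> list:
    """Parse every service line and attach the indicators a reviewer checks by hand."""
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue  # not a service line (file list, registry keys, catchme output ...)
        e = ServiceEntry(**m.groupdict())
        if not e.stamp:
            e.flags.append("empty timestamp brackets (no file date recorded)")
        if not e.path.lower().endswith((".sys", ".exe")):
            e.flags.append("image extension is not .sys/.exe")
        if e.name == e.display:
            e.flags.append("display name identical to service name (no vendor text)")
        if e.start == "R0" and e.flags:
            e.flags.append("boot-start driver: loads before the security products")
        entries.append(e)
    return entries

def suspicious(entries) -> list:
    """Assumed threshold: two or more indicators marks an entry for follow-up."""
    return [e.name for e in entries if len(e.flags) >= 2]

# Constructed sample: the service block exactly as it appears in the log above.
SAMPLE_LOG = r"""
R0 utncqkcu;utncqkcu;C:\WINDOWS\system32\drivers\hubysnlu.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 16:08]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 16:08]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 16:08]

*Newly Created Service* - CATCHME
"""

if __name__ == "__main__":
    for e in triage_services(SAMPLE_LOG):
        print(e.start, e.name, e.path, "->", e.flags or "ok")
```

The same entry reappears in the registry section of the log as the `utncqkcu` service whose `ImagePath` points at `system32\drivers\hubysnlu.dat`, which is the cross-check a reviewer makes before deciding anything.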


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,762 posts
  • ONLINE
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:08:23 AM

Posted 03 July 2008 - 06:14 AM

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

I will contact a moderator to have this topic closed.

dc3

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
