
No network connection


No replies to this topic

#1 januarius

Members, 8 posts

Posted 08 May 2009 - 02:52 AM

Hi,
My PC was infected by popups, the rootkit sdra64.exe, Armor firewall and other malware... I tried Malwarebytes Anti-Malware, HijackThis and ComboFix... Now I have no network connection, DHCP does not work, and if I set a static IP my PC always sets 169.154.0.X.
This is the log file of ComboFix
HijackThis


ComboFix 09-05-06.07 - Toro Car Service 07/05/2009 21.04.08.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.895.617 [GMT 2:00]
Running from: c:\documents and settings\Toro Car Service\Desktop\ComboFix.exe

WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))))))
.

2009-05-07 12:18 . 2009-05-07 12:18 -------- d-----w c:\programmi\XP TCPIP Repair
2009-05-07 11:01 . 2009-05-07 11:01 -------- d-----w c:\programmi\CCleaner
2009-05-07 10:27 . 2009-05-07 10:27 -------- d-----w c:\documents and settings\Toro Car Service\Dati applicazioni\Malwarebytes
2009-05-07 10:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-07 10:27 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 10:27 . 2009-05-07 10:27 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-05-07 10:27 . 2009-05-07 10:27 -------- d-----w c:\programmi\Malwarebytes' Anti-Malware
2009-05-07 10:15 . 2009-05-07 11:25 81920 ----a-w C:\umbk.exe
2009-05-07 10:08 . 2009-05-07 10:08 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg7
2009-05-04 08:22 . 2009-05-04 08:23 78336 ----a-w C:\yoqae.exe
2009-05-04 08:22 . 2009-05-04 08:22 78336 ----a-w C:\jlfagg.exe
2009-05-04 08:22 . 2009-05-04 08:22 33792 ----a-w C:\yanslomr.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 10:42 . 2006-03-02 12:00 212480 ----a-w c:\windows\system32\drivers\ndis.sys
2009-05-07 09:58 . 2007-11-19 09:03 148304 ----a-w c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2009-04-02 08:09 . 2009-01-28 10:33 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-30 07:54 . 2006-03-02 12:00 84552 ----a-w c:\windows\system32\perfc010.dat
2009-03-30 07:54 . 2006-03-02 12:00 489970 ----a-w c:\windows\system32\perfh010.dat
2009-03-13 14:14 . 2008-01-07 13:41 3733 ----a-w C:\dbfapp.tmp
2009-03-06 18:04 . 2009-03-06 18:04 552 ----a-w c:\windows\system32\d3d8caps.dat
.

------- Sigcheck -------

[-] 2009-05-07 10:42 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\dllcache\ndis.sys
[-] 2009-05-07 10:42 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_10.15.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-16 19:38 . 2009-05-07 11:24 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2007-11-16 19:38 . 2009-05-07 10:15 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-16 19:38 . 2009-05-07 11:24 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
- 2007-11-16 19:38 . 2009-05-07 10:15 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2007-11-16 19:38 . 2009-05-07 11:24 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-11-16 19:38 . 2009-05-07 10:15 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"SSBkgdUpdate"="c:\programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 57393]
"IndexSearch"="c:\programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 40960]
"BrMfcWnd"="c:\programmi\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\programmi\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\programmi\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-31 1622016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-01 16049664]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\Toro Car Service\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.3.lnk - c:\programmi\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Synchronizer.lnk - c:\programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
LG SyncManager.lnk - c:\programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe [2004-11-1 225280]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\LimeWire\\LimeWire.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a6e0db6-ebae-11dc-970c-00196639ef9d}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 21:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
Completion time: 2009-05-07 21.06.10
ComboFix-quarantined-files.txt 2009-05-07 19:05
ComboFix2.txt 2009-05-07 11:59
ComboFix3.txt 2009-05-07 11:48
ComboFix4.txt 2009-05-07 11:43
ComboFix5.txt 2009-05-07 19:03

Pre-Run: 46.005.800.960 bytes free
Post-Run: 45.995.384.832 bytes free


What should I do?

Thanks all
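The log above carries several indicators a responder would pull out before anything else: binaries with random-looking names dropped straight into C:\, an ndis.sys whose hash fails ComboFix's Sigcheck, an Internet Explorer ProxyServer pointing at localhost:7171, and EnableFirewall set to 0 in the standard profile. As an added example (not code from the original poster or from BleepingComputer), here is a small Python triage script that extracts exactly those indicators from ComboFix output. The sample lines are excerpted from the posted log; the categories, regexes and the "root-of-drive binary" heuristic are my own assumptions, not anything ComboFix defines.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the ComboFix log posted above
# (section headers omitted). Not the full log; paths kept verbatim.
SAMPLE_LOG = r"""
2009-05-07 10:15 . 2009-05-07 11:25 81920 ----a-w C:\umbk.exe
2009-05-07 10:27 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-04 08:22 . 2009-05-04 08:23 78336 ----a-w C:\yoqae.exe
2009-05-04 08:22 . 2009-05-04 08:22 78336 ----a-w C:\jlfagg.exe
2009-05-04 08:22 . 2009-05-04 08:22 33792 ----a-w C:\yanslomr.dll
2009-05-07 12:18 . 2009-05-07 12:18 -------- d-----w c:\programmi\XP TCPIP Repair
[-] 2009-05-07 10:42 212480 791778A1F54D4B3F36773F11783A53FC c:\windows\system32\drivers\ndis.sys
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
"""

# One ComboFix file-list entry: created . modified size attrs path
FILE_ENTRY = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S+) (.+)$'
)
# Heuristic (my assumption): a PE-type file directly in a drive root, no subdirectory
ROOT_BINARY = re.compile(r'^[A-Za-z]:\\[^\\]+\.(?:exe|dll|sys)$', re.IGNORECASE)
# Sigcheck line ComboFix marks [-]: hash does not match the known-good system file
SIGCHECK_FAIL = re.compile(r'^\[-\] (\S+ \S+) (\d+) ([0-9A-Fa-f]{32}) (.+)$')
PROXY_SERVER = re.compile(r'ProxyServer\s*=\s*(\S+)')
FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def find_root_binaries(log: str) -> list[str]:
    """Executables, DLLs and drivers listed directly under a drive root."""
    hits = []
    for line in log.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if m and ROOT_BINARY.match(m.group(5)):
            hits.append(m.group(5))
    return hits


def find_sigcheck_failures(log: str) -> list[tuple[str, str]]:
    """(md5, path) for every system file ComboFix flagged with [-]."""
    out = []
    for line in log.splitlines():
        m = SIGCHECK_FAIL.match(line.strip())
        if m:
            out.append((m.group(3).upper(), m.group(4)))
    return out


def find_proxy_settings(log: str) -> list[tuple[str, bool]]:
    """(value, points_at_local_host) for each ProxyServer entry.

    A proxy on localhost is where a locally installed interceptor would sit,
    so it is reported separately from an ordinary corporate proxy.
    """
    out = []
    for m in PROXY_SERVER.finditer(log):
        value = m.group(1)
        host = value.split('=')[-1].rsplit(':', 1)[0].lower()
        out.append((value, host in {'localhost', '127.0.0.1'}))
    return out


def firewall_disabled(log: str) -> bool:
    """True when the standard-profile Windows Firewall is switched off."""
    return FIREWALL_OFF.search(log) is not None


def triage(log: str) -> list[Finding]:
    """Collect all indicators from one ComboFix log into a flat list."""
    findings = []
    for path in find_root_binaries(log):
        findings.append(Finding('root-binary', path))
    for md5, path in find_sigcheck_failures(log):
        findings.append(Finding('sigcheck-fail', f'{path} md5={md5}'))
    for value, local in find_proxy_settings(log):
        findings.append(Finding('local-proxy' if local else 'proxy', value))
    if firewall_disabled(log):
        findings.append(Finding('firewall-off', 'EnableFirewall=0 in standard profile'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.category:14} {f.detail}')
```

Run against the sample it reports seven findings: four root-of-drive binaries, the modified ndis.sys, the localhost proxy and the disabled firewall. The script only surfaces the indicators; it does not decide what malware family produced them, and a real log should be read in full rather than only through these four patterns.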
