
is there anyone who can help me with combofix log file?


This topic is locked
1 reply to this topic

#1 paolopucci

  • Members
  • 4 posts

Posted 08 October 2009 - 08:09 AM

First of all, excuse me for my imperfect English. I ran ComboFix to free my PC from a virus that other antivirus programs (Avast, Avira, AVG 8.5) did not recognize. The first time I ran ComboFix, it eliminated setup.exe, but my PC continues to have very, very big problems (after a few minutes no action is possible and I have to restart the machine).

This is the ComboFix log file. Please help me. My problems began on 29 or 30/09/2009.

ComboFix 09-10-07.02 - Administrator 08/10/2009 14.40.11.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.447.185 [GMT 2:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\programmi\\setup.exe
C:\setup.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-09-08 al 2009-10-08 )))))))))))))))))))))))))))))))))))
.

2009-10-04 19:54 . 2009-10-04 19:54 -------- d-----w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\AVG Security Toolbar
2009-10-04 15:50 . 2009-10-05 12:15 -------- d-----w- C:\$AVG8.VAULT$
2009-10-04 14:30 . 2009-10-04 14:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-04 14:30 . 2009-10-04 14:30 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-04 14:30 . 2009-10-04 14:30 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-04 14:30 . 2009-10-04 14:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-04 14:30 . 2009-10-04 14:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-04 12:37 . 2009-10-04 12:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVG Security Toolbar
2009-10-03 17:38 . 2009-10-03 17:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-10-03 15:21 . 2009-10-03 15:21 -------- d-----w- c:\programmi\AVG
2009-10-03 15:00 . 2009-10-04 14:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-10-03 14:56 . 2009-10-03 15:53 7085308 ----a-w- c:\programmi\avg_free_stf_eu_85_420a1700.exe
2009-09-30 14:09 . 2009-09-30 14:09 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2009-09-30 14:08 . 2009-09-30 14:08 -------- d-s---w- c:\documents and settings\Administrator\UserData
2009-09-29 13:41 . 2009-09-29 14:01 -------- d--h--w- c:\documents and settings\HelpAssistant\Impostazioni locali
2009-09-29 13:41 . 2009-09-29 13:44 -------- d--h--r- c:\documents and settings\HelpAssistant\Dati applicazioni
2009-09-29 13:41 . 2005-10-28 18:26 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di stampa
2009-09-29 13:41 . 2005-10-28 16:31 -------- d--h--w- c:\documents and settings\HelpAssistant\Modelli
2009-09-29 13:41 . 2009-10-08 12:38 -------- d-----w- c:\documents and settings\HelpAssistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 14:07 . 2007-01-10 23:11 -------- d-----w- c:\programmi\StopDialers
2009-10-07 14:04 . 2008-05-18 10:27 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Skype
2009-10-07 12:28 . 2008-05-18 10:29 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\skypePM
2009-10-04 12:12 . 2008-01-06 08:33 -------- d-----w- c:\programmi\programmi antivirus anti spyware
2009-10-03 21:07 . 2008-05-04 17:10 -------- d-----w- c:\programmi\eMule
2009-09-17 13:17 . 2009-02-11 18:16 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-09-11 06:06 . 2009-06-10 13:04 1925024 ----a-w- c:\programmi\install_flash_player.exe
2009-09-10 05:28 . 2005-11-07 08:34 -------- d-----w- c:\programmi\Google
2009-09-09 06:25 . 2005-10-31 09:45 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Canon
2009-05-16 19:48 . 2009-05-16 19:48 556184 ----a-w- c:\programmi\GoogleEarthSetup.exe
2009-02-11 18:09 . 2009-02-11 18:09 4865408 ----a-w- c:\programmi\Silverlight.2.0.exe
2009-01-02 16:13 . 2009-01-02 16:07 66111918 ------w- c:\programmi\WinCmapTools_v418_06-09-08.exe
2008-10-25 11:03 . 2008-10-25 11:02 4829184 ----a-w- c:\programmi\aq-kri-joh.exe
2008-08-30 12:56 . 2008-08-30 12:49 134060411 ----a-w- c:\programmi\OOo_2.4.1_Win32Intel_install_wJRE_it.exe
2008-06-28 16:29 . 2008-06-28 16:29 642796 ----a-w- c:\programmi\XviD-1.1.3-28062007.exe
2008-06-21 10:53 . 2008-06-21 10:53 551932 ----a-w- c:\programmi\MDView3DNSInstaller6.2.exe
2008-06-18 17:27 . 2008-04-20 18:15 823296 ----a-w- c:\programmi\winmx353.exe
2008-05-30 16:36 . 2008-05-30 16:35 13324288 ----a-w- c:\programmi\IKEAHomePlanner1_9_7.exe
2008-05-25 07:48 . 2008-05-25 07:48 5503880 ----a-w- c:\programmi\msjavx86.exe
2008-05-25 07:32 . 2008-05-25 07:33 462581 ----a-w- c:\programmi\html2pop3232win32.zip
2008-05-24 16:51 . 2008-05-24 16:50 24064656 ----a-w- c:\programmi\AdbeRdr812_it_IT.exe
2008-05-24 09:01 . 2008-05-24 09:01 7726360 ----a-w- c:\programmi\Google_Earth_CZXV.exe
2008-05-18 10:26 . 2008-05-18 10:25 22300968 ----a-w- c:\programmi\SkypeSetup.exe
2008-05-10 18:39 . 2008-05-10 18:39 156028 ----a-w- c:\programmi\libmp3lame-win-3.97.zip
2008-05-10 18:34 . 2008-05-10 18:34 2228534 ----a-w- c:\programmi\audacity-win-1.2.6.exe
2008-05-10 18:25 . 2008-05-10 18:25 15895117 ----a-w- c:\programmi\PDFCreator-0_9_5_setup.exe
2008-04-25 08:08 . 2008-04-25 08:05 74966424 ----a-w- c:\programmi\jdk-6u6-windows-i586-p.exe
2008-04-25 08:05 . 2008-04-25 08:05 382352 ----a-w- c:\programmi\jdk-6u6-windows-i586-p-iftw.exe
2008-04-21 08:36 . 2008-04-21 08:36 382352 ----a-w- c:\programmi\xpiinstall.exe
2008-04-20 15:30 . 2008-04-20 15:30 3861320 ----a-w- c:\programmi\eMule0.48a-Installer2.exe
2008-04-18 18:07 . 2008-04-18 18:05 59782440 ----a-w- c:\programmi\iTunesSetup.exe
2008-04-13 09:30 . 2008-04-13 09:31 329264 ----a-w- c:\programmi\RealPlayer11GOLD_it.exe
2008-04-13 09:13 . 2008-04-13 09:12 5832512 ----a-w- c:\programmi\Firefox Setup 2.0.0.13.exe
2007-03-06 19:40 . 2007-03-06 19:40 672544 ----a-w- c:\programmi\commanderftp.exe
2006-04-27 22:58 . 2006-04-27 22:58 1163643 ----a-w- c:\programmi\wrar342.exe
2006-04-11 23:01 . 2006-04-11 23:01 1007598 ----a-w- c:\programmi\DriveRescue1.9d.zip
2005-11-27 12:44 . 2005-11-27 12:44 6456368 ----a-w- c:\programmi\Nokia_Conn_Cable_Driver_150_6_eng_us.exe
2005-11-05 09:45 . 2005-11-05 09:45 8076120 ----a-w- c:\programmi\930-ita-xp.exe
2005-11-05 09:27 . 2005-11-05 09:27 608928 ----a-w- c:\programmi\GoogleToolbarInstaller.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\programmi\VIA\RAID\raid_tool.exe" [2005-04-26 589824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\Launch Application 2.exe" [2004-11-25 143360]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2008-03-28 413696]
"OM_Monitor"="c:\programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-04-13 185896]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-04-24 148888]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 49152]
"D-Link AirPlus G"="c:\programmi\D-Link\AirPlus G\AirGCFG.exe" [2006-11-17 1552384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-04 2023704]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-03-11 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\Utente\Menu Avvio\Programmi\Esecuzione automatica\
Stop Dialers.lnk - c:\programmi\StopDialers\StopDialers.exe [2004-3-25 273408]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Device Detector 3.lnk - c:\programmi\OLYMPUS\DeviceDetector\DevDtct2.exe [2008-5-10 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-04 14:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/10/2009 16.30.48 108552]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/10/2009 16.30.42 335240]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/10/2009 14.37.23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/10/2009 14.37.23 297752]
S2 gupdate1c9d65f66261ec2;Servizio di Google Update (gupdate1c9d65f66261ec2);c:\programmi\Google\Update\GoogleUpdate.exe [16/05/2009 21.49.17 133104]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [25/10/2008 10.39.24 618112]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-16 19:49]

2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-05-16 19:49]
.
.
------- Scansione supplementare -------
.
IE: {{DA002853-42D9-4A47-A236-896D32BB7EC7} - c:\windows\system32\Wintel\VIDEOC~1.EXE
TCP: {BD02C1F0-1D84-441E-807C-63702B8DCB9F} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\slgsn6z5.default\
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programmi\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npMDView3D.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
Notify-WgaLogon - (no file)
AddRemove-Cabri II - c:\programmi\Cabri\DISINST
AddRemove-{EA9B4B99-8279-4DB5-BA96-4B2DE44414B2} - c:\windows\system32\Wintel\VIDEOC~1.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 14:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RaidTool = c:\programmi\VIA\RAID\raid_tool.exe???D?

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2009-10-08 14.46.13
ComboFix-quarantined-files.txt 2009-10-08 12:46

Pre-Run: 43.010.088.960 byte disponibili
Post-Run: 42.986.590.208 byte disponibili

205 --- E O F --- 2009-02-01 22:38

#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,961 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 October 2009 - 11:02 AM

Hello paolopucci

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis Logs and Malware Removal forum, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again. That's the decision by the creator and we will abide by that decision.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". When you have done that, post your combofix and DDS/HijackThis log in the HijackThis Logs and Malware Removal forum for assistance by the HJT Team Experts.

Alternatively you can start a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results but do not repost your combofix log. Then if needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
