ComboFix log


  • This topic is locked
3 replies to this topic

#1 maximoff

  • Members
  • 2 posts
  • Local time:05:59 AM

Posted 23 May 2010 - 08:05 AM

Hi everyone
I had a virus on my computer... usually I format my partition with Norton Ghost, but now I received a warning message when booting my computer. I solved it by formatting with the Windows XP CD, but I don't know if there is still some malware. Can you tell me if there is malware or a virus? Thanks; sorry for my English...

I used ComboFix and this is the log:


ComboFix 10-05-22.03 - Administrator 23/05/2010 14.19.02.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1536.1222 [GMT 2:00]
Eseguito da: c:\documents and settings\Roby\Documenti\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Roby\Dati applicazioni\Microsoft\HTML Help\hh.dat
c:\windows\system32\AbaleZip.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-04-23 al 2010-05-23 )))))))))))))))))))))))))))))))))))
.

2010-05-23 12:17 . 2010-05-23 12:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-05-23 06:38 . 2010-05-23 06:38 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\Sony Corporation
2010-05-23 06:35 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2010-05-23 06:34 . 2010-05-23 06:35 -------- d-----w- c:\windows\Logs
2010-05-23 06:32 . 2010-05-23 06:32 -------- d-----w- c:\programmi\Sony
2010-05-23 06:32 . 2010-05-23 06:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Sony Corporation
2010-05-23 05:58 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-05-16 12:15 . 2010-05-16 12:15 -------- d-----r- C:\Sandbox
2010-05-08 16:09 . 2010-05-08 16:09 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2010-05-08 16:02 . 2010-05-08 15:58 38784 ----a-w- c:\documents and settings\Roby\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-08 16:02 . 2010-05-08 16:02 -------- d-----w- c:\programmi\Widget vodafone.it
2010-05-08 16:01 . 2010-05-08 16:01 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-05-08 15:45 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-08 15:45 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-08 15:45 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-08 15:45 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-08 15:45 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-08 15:45 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-08 15:45 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-08 15:45 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-08 15:45 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-08 15:44 . 2010-05-08 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Alwil Software
2010-04-24 08:07 . 2010-04-24 08:07 -------- d-----w- C:\downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 12:14 . 2008-08-18 17:00 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\Orbit
2010-05-23 12:13 . 2008-08-18 12:41 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\MxBoost
2010-05-23 06:12 . 2008-08-18 12:31 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-05-16 12:20 . 2008-08-17 17:34 27262976 ----a-w- C:\VIRTPART.DAT
2010-05-16 12:19 . 2008-08-17 16:39 -------- d-----w- c:\programmi\CCleaner
2010-05-16 11:41 . 2008-08-17 16:54 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\Skype
2010-05-16 11:40 . 2009-01-23 09:13 -------- d-----w- c:\programmi\Orbitdownloader
2010-05-16 11:32 . 2008-08-18 17:26 -------- d-----w- c:\documents and settings\Roby\Dati applicazioni\skypePM
2010-05-12 09:21 . 2009-10-10 10:20 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 15:58 . 2010-05-23 12:16 38784 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-08 15:44 . 2008-08-17 09:41 -------- d-----w- c:\programmi\Alwil Software
2010-04-24 08:01 . 2008-08-18 12:40 -------- d-----w- c:\programmi\Maxthon2
2010-04-24 07:40 . 2009-04-25 11:44 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-04-10 07:39 . 2006-03-02 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-04-10 07:39 . 2006-03-02 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-04-10 07:08 . 2010-04-10 07:08 -------- d-----w- c:\programmi\File comuni\Skype
2010-03-10 06:15 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2004-03-11 11:27 . 2008-08-17 16:58 40960 ----a-w- c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"PMBVolumeWatcher"="c:\programmi\Sony\PMB\PMBVolumeWatcher.exe" [2009-11-04 597792]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Programmi\\Maxthon2\\Maxthon.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=

R1 GhPciScan;GhostPciScanner;c:\programmi\Symantec\Norton Ghost 2003\GhPciScan.sys [17/12/2003 15.41.38 5632]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 19.19.58 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/08/2008 15.48.12 717296]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/05/2010 17.45.14 164048]
S1 atitray;atitray;c:\programmi\Ray Adams\ATI Tray Tools\atitray.sys [22/05/2007 11.04.54 18088]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/05/2010 17.45.14 19024]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\programmi\Sony\PMB\PMBDeviceInfoProvider.exe [24/10/2009 3.18.54 360224]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [17/08/2008 11.14.06 9216]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [17/08/2008 11.13.59 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-05-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Scansione supplementare -------
.
DPF: {8A8D269D-7630-4E85-B582-733B7DC47611} - hxxp://81.27.135.115/auchan/SPLauncherProj.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 14:22
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\sirenacm.dll
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Ora fine scansione: 2010-05-23 14:23:33
ComboFix-quarantined-files.txt 2010-05-23 12:23

Pre-Run: 47.892.627.456 byte disponibili
Post-Run: 47.943.012.352 byte disponibili

- - End Of File - - 255C6A38402042240164F2F9E67A4CA7

Edited by maximoff, 23 May 2010 - 08:06 AM.



#2 maximoff

  • Topic Starter

  • Members
  • 2 posts
  • Local time:05:59 AM

Posted 23 May 2010 - 09:02 AM

Quoting maximoff (May 23 2010, 01:05 PM):
> Hi everyone...


Sorry.... only now I read that it would be better not to post a ComboFix log unless requested.

#3 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:59 AM

Posted 25 May 2010 - 10:17 PM

Hello maximoff,

Your English is fine, and I can read the logs.... What language is it, please?

Yes, it's really not good to run ComboFix without someone to guide you.

How is your computer running now, please?

Please download Malwarebytes Anti-Malware and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Thanks,
tea

Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:59 AM

Posted 01 June 2010 - 09:19 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



