
combofix log


  • This topic is locked
2 replies to this topic

#1 dorhi

  • Members
  • 2 posts

Posted 22 November 2010 - 12:39 AM

Hello, I don't know how to analyze this log. Can someone help me?

Thanks



ComboFix 10-11-21.01 - משפחת סיני 11/22/2010 7:12.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1255.972.1037.18.1023.698 [GMT 2:00]
Running from: c:\documents and settings\משפחת סיני\My Documents\Downloads\Programs\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\XSxS

.
((((((((((((((((((((((((( Files Created from 2010-10-22 to 2010-11-22 )))))))))))))))))))))))))))))))
.

2010-11-21 19:44 . 2010-11-21 19:44 -------- d-----r- C:\comment.htt
2010-11-21 19:44 . 2010-11-21 19:44 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\Help
2010-11-21 19:00 . 2010-11-21 19:00 2 --shatr- c:\windows\winstart.bat
2010-11-21 13:32 . 2010-11-21 13:35 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\NPE
2010-11-17 17:12 . 2010-11-17 17:12 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\Ashampoo
2010-11-17 17:12 . 2010-11-17 17:12 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\ashampoo
2010-11-17 17:12 . 2010-11-17 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-11-16 14:43 . 2010-11-13 09:44 94040 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2010-11-16 12:06 . 2010-11-16 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-11-16 12:06 . 2010-11-16 12:06 -------- d--h--r- c:\documents and settings\משפחת סיני\Application Data\SecuROM
2010-11-14 16:12 . 2010-11-14 16:12 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\OLYMPUS
2010-11-14 16:11 . 2010-11-14 16:11 -------- d-----w- c:\program files\OLYMPUS
2010-11-14 16:11 . 2010-11-14 16:11 -------- d-----w- c:\program files\DIFX
2010-11-14 16:06 . 2005-09-23 07:07 95744 ----a-r- c:\windows\system32\atl80.dll
2010-11-14 16:06 . 2005-09-23 07:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2010-11-14 16:06 . 2005-09-23 07:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2010-11-14 16:06 . 2005-09-23 09:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2010-11-12 13:08 . 2010-11-12 13:08 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\Nero
2010-11-12 13:08 . 2010-11-12 13:08 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\Xenocode
2010-11-11 19:10 . 2010-11-11 19:33 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\IObit
2010-11-10 12:31 . 2000-05-24 13:02 299520 ----a-w- c:\windows\uninst.exe
2010-11-10 12:31 . 2010-11-10 12:31 -------- d-----w- c:\documents and settings\משפחת סיני\WINDOWS
2010-11-10 07:36 . 2010-11-10 07:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-11-10 06:39 . 2001-09-18 13:47 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-11-10 05:42 . 2010-11-10 05:42 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\PCHealth
2010-11-09 17:09 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-09 15:37 . 2010-11-09 15:37 -------- d-sh--w- c:\documents and settings\משפחת סיני\IECompatCache
2010-11-06 09:37 . 2010-11-06 09:37 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-04 11:53 . 2010-11-04 11:53 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\Sunbelt
2010-11-04 11:53 . 2010-11-04 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-11-03 15:10 . 2010-11-03 15:10 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\Moonchild Productions
2010-11-03 15:10 . 2010-11-03 15:10 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\Moonchild Productions
2010-11-03 14:48 . 2010-11-03 14:50 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-03 14:48 . 2010-11-03 14:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-03 14:48 . 2010-11-03 14:50 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-11-03 14:39 . 2010-07-09 22:38 10604128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-11-03 14:39 . 2010-07-09 22:38 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-11-03 14:39 . 2010-07-09 22:38 6343040 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-11-03 14:39 . 2010-07-09 22:38 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-11-03 14:20 . 2010-11-11 19:45 -------- d-----w- c:\documents and settings\Administrator
2010-11-01 20:58 . 2010-11-01 20:58 -------- d-----w- c:\documents and settings\משפחת סיני\Local Settings\Application Data\Thinstall
2010-11-01 20:58 . 2010-11-01 20:58 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\Thinstall
2010-10-26 14:01 . 2010-10-26 14:01 -------- d-----w- c:\program files\ESET
2010-10-26 14:01 . 2010-10-26 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-10-24 13:47 . 2010-09-10 05:51 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-24 13:47 . 2010-09-10 05:51 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-24 13:47 . 2010-09-10 05:51 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-24 13:47 . 2010-09-10 05:51 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-24 13:47 . 2010-09-10 05:51 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-24 13:47 . 2010-09-10 05:51 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-24 13:47 . 2010-09-10 05:51 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-24 10:01 . 2010-10-24 10:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-24 09:53 . 2010-10-24 09:53 -------- d-sh--w- c:\documents and settings\משפחת סיני\PrivacIE
2010-10-24 09:52 . 2010-10-24 09:52 -------- d-sh--w- c:\documents and settings\משפחת סיני\IETldCache
2010-10-23 20:14 . 2010-10-23 21:09 -------- d-----w- c:\documents and settings\משפחת סיני\Application Data\Auslogics
2010-10-23 20:13 . 2010-11-21 13:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-23 20:04 . 2010-11-12 12:24 -------- d-----w- c:\program files\RoeiBajayo
2010-10-23 19:10 . 2010-10-23 19:11 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 18:00 . 2010-10-18 18:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-14 17:09 . 2010-10-14 17:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-10-07 12:56 . 2010-10-07 12:56 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-18 10:22 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2006-03-02 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2006-03-02 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2006-03-02 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 02:50 . 2010-09-27 13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-09-27 13:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 08:00 . 2010-09-26 20:24 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-10 05:51 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:51 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:51 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-03 14:20 . 2010-09-30 17:09 359016 ----a-w- c:\windows\vncutil.exe
2010-09-03 14:20 . 2010-09-26 21:32 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-09-03 14:20 . 2010-09-26 21:32 1833576 ----a-w- c:\windows\SkyTel.exe
2010-09-03 14:20 . 2010-09-26 21:32 891496 ----a-w- c:\windows\system32\RTSndMgr.CPL
2010-09-03 14:20 . 2010-09-26 21:32 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-09-03 14:20 . 2010-09-26 21:32 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-09-03 14:20 . 2010-09-30 17:09 54888 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-09-03 14:20 . 2010-09-26 21:32 6139496 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-09-03 14:20 . 2010-09-30 17:09 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-09-03 14:20 . 2010-09-26 21:31 19573352 ----a-w- c:\windows\RTHDCPL.EXE
2010-09-03 14:19 . 2010-09-26 21:31 2180712 ----a-w- c:\windows\MicCal.exe
2010-09-03 14:19 . 2010-09-26 21:31 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-09-03 14:19 . 2010-09-26 21:31 285288 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-09-03 14:19 . 2010-09-26 21:31 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-09-01 11:51 . 2006-03-02 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2006-03-02 12:00 1852672 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:53 . 2006-03-02 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 9216 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-03-02 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-11-03 14:41 65632 ----a-w- d:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus Yaron'S Team\egui.exe" [2010-08-12 2215064]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\אבטחה\SuperAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\אבטחה\SuperAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29/07/2010 13:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [03/08/2010 13:28 95896]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [16/11/2010 16:43 94040]
R1 SASDIFSV;SASDIFSV;d:\program files\אבטחה\SuperAntiSpyware\sasdifsv.sys [17/02/2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\אבטחה\SuperAntiSpyware\SASKUTIL.SYS [10/05/2010 20:41 67656]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus Yaron'S Team\ekrn.exe [12/08/2010 14:16 810144]
S1 a2injectiondriver;a2injectiondriver;\??\d:\program files\אבטחה\Emsisoft Anti-Malware\a2dix86.sys --> d:\program files\אבטחה\Emsisoft Anti-Malware\a2dix86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/09/2010 19:09 1691480]
S3 BS_LOAD;BS_LOAD;\??\c:\windows\system32\drivers\BS_LOAD.SYS --> c:\windows\system32\drivers\BS_LOAD.SYS [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/09/2010 15:31 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.il/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - d:\program files\Babylon\Utils\BabylonIEPI.dll/Translate.htm
TCP: {E1C55CC8-4EF4-41AD-B5C7-ECFD770339A4} = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\משפחת סיני\Application Data\Mozilla\Firefox\Profiles\shk7j4rw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.il/
FF - component: c:\documents and settings\משפחת סיני\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: d:\program files\Java\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Java\bin\new_plugin\npjp2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
d:\program files\FireFox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
d:\program files\FireFox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-22 07:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-583907252-682003330-1004\Software\Microsoft\  M*i*c*r*o*s*o*f*t* *M*a*n*a*g*e*m*e*n*t* *C*o*n*s*o*l*e*\Recent File List]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"File1"="c:\\WINDOWS\\system32\\services.msc"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
d:\program files\אבטחה\SuperAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-11-22 07:21:54
ComboFix-quarantined-files.txt 2010-11-22 05:21

Pre-Run: 71,018,708,992 bytes free
Post-Run: 71,178,330,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - CC498F95D03534DEA94FE1D924DFBD07



#2 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 30 November 2010 - 08:16 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 05 December 2010 - 08:21 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE