
DDS Log



#1 ste70 (Members, 1 posts)

Posted 04 March 2011 - 02:20 AM

Hi, this is my first time on this forum, hello to everybody!

I ran ComboFix on my PC, as it became incredibly slow. Now it is much better, even if I think it is not completely OK. I post the log file, can you help me with it?

Thanks, bye!

ComboFix 11-03-03.02 - Principale 04/03/2011 7.48.02.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.347 [GMT 1:00]
Run from: c:\documents and settings\Principale\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created From 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))))))
.

2011-02-25 18:29 . 2011-02-25 18:29 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Sonic
2011-02-25 18:26 . 2011-02-25 18:26 -------- d-----w- c:\documents and settings\Principale\Dati applicazioni\Leadertech
2011-02-20 18:52 . 2011-02-20 18:52 -------- d-----w- c:\programmi\File comuni\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-09-03 05:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2011-01-18 09:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-31 07:52 440832 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-31 07:52 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2004-08-31 07:53 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-31 07:52 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:53 . 2004-08-31 07:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:53 . 2004-08-31 07:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:53 . 2004-08-31 07:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-31 07:52 735744 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-31 07:52 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-31 07:52 739840 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-31 07:52 2196480 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 15:14 . 2004-08-19 15:34 2073088 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:30 . 2004-08-31 07:52 33280 ----a-w- c:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-03-03_15.48.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-04 06:27 . 2011-03-04 06:27 16384 c:\windows\Temp\Perflib_Perfdata_670.dat
+ 2011-03-04 06:27 . 2011-03-04 06:27 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Principale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-06-13 133104]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2003-11-07 114688]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 339968]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2004-06-29 180224]
"HKSERV.EXE"="c:\programmi\Sony\HotKey Utility\HKserv.exe" [2004-06-29 122880]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-06-29 147456]
"PDService.exe"="c:\programmi\Utimaco\SafeGuard PrivateDisk\pdservice.exe" [2004-07-06 40960]
"Acrobat Assistant 7.0"="c:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-10-20 198160]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-02-22 417792]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"WireLessMouse"="c:\programmi\SilverCrest Combo Set Driver\StartAutorun.exe" [2005-11-30 94208]
"WireLessKeyboard"="c:\programmi\SilverCrest Combo Set Driver\StartAutorun.exe" [2005-11-30 94208]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe [2009-6-12 25214]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-02 14:06 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Macromedia\\FreeHand 10\\FreeHand 10.exe"=
"c:\\Programmi\\Macromedia\\Fireworks MX\\Fireworks.exe"=
"c:\\Programmi\\Sony\\VAIO Media 3.1\\Vc.exe"=
"c:\\Programmi\\Sony\\VAIO Media 3.1\\VmpClient.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Principale\\Documenti\\Downloads\\utorrent (1).exe"=
"g:\\Sito web\\castiglione\\xampp\\apache\\bin\\httpd.exe"=
"g:\\Sito web\\castiglione\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\Ipswitch\\WS_FTP Professional\\wsftpgui.exe"=
"d:\\siti Locali\\castiglione\\xampp\\apache\\bin\\httpd.exe"=
"d:\\siti Locali\\castiglione\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 PrivateDisk;PrivateDisk;c:\windows\system32\drivers\privatediskm.sys [06/07/2004 13.07.06 45627]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\programmi\LogMeIn\x86\rainfo.sys [27/01/2010 11.22.02 12856]
S4 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [04/01/2010 15.03.03 135664]
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\programmi\File comuni\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe [02/09/2004 13.29.58 118877]
S4 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM --> c:\programmi\File comuni\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\Console servizio Fax.job
- c:\windows\system32\fxsclnt.exe [2009-06-12 17:14]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153377294-3810977094-3018004612-1005Core1cb0d98f31f9bd0.job
- c:\documents and settings\Principale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-13 14:55]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-153377294-3810977094-3018004612-1005UA.job
- c:\documents and settings\Principale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-06-13 14:55]

2011-03-04 c:\windows\Tasks\User_Feed_Synchronization-{C80AC404-3842-4022-AB0F-BB769A53CA9D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/en
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - c:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Si&milar Pages - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
Trusted Zone: assicom.com \webmail
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: {610C48D1-0C8A-4A48-8F02-776EEDF52CAE} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 07:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05AF50AA-22D7-AA1D-A4F48F393CAE2202}\{78C6AA3D-BD77-7FA2-B188C82FA3887936}\{102B7915-3D5B-6524-E77B0FDDDBDD9024}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,6c,7d,51,
0d,9a,00,4b,d1,06,01,cb,13,99,bd,0e,03,b2,f3,79,b0,1e,3a,e2,b2,e9,2c,3f,b0,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{156E5059-1974-1C21-234A49AFACAB4059}\{B90FCDFF-5527-F999-5BDD8AB8903FEB58}\{85FE2661-9FF6-1F38-3936C76FCE54F605}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1A68D668-6DF3-702D-2A0852A803C1488D}\{D6F2E9CD-48BA-CDDC-BEA31B576464FCAF}\{421B9E29-5D23-2966-C9D7C1E976BC0884}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,6c,7d,51,
0d,9a,00,4b,d1,06,01,cb,13,99,bd,0e,03,b2,f3,79,b0,1e,3a,e2,b2,e9,2c,3f,b0,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61F22E4F-B27F-AFC4-A522A9C3D24CB12E}\{1AB70131-6AEF-F29E-373C8656BA527ED6}\{4909E9D0-65F5-FEDD-EF93FC8CC6374EF9}*]
"SE4K5INHHR1EDZYY15BVZC6TKG1"=hex:01,00,01,00,00,00,00,00,7e,c3,c3,8e,86,b4,21,
5e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(2300)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Time of completion: 2011-03-04 08:03:34
ComboFix-quarantined-files.txt 2011-03-04 07:03
ComboFix2.txt 2011-03-03 15:53

Pre-Run: 4,600,610,816 bytes free
Post-Run: 4,582,191,104 bytes free

- - End Of File - - EBC9B96D30A2F5C58DDCC222A2DF3FB4
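The log above lists the autoruns, the firewall application exceptions and the globally open ports in a form a responder can parse rather than eyeball. The following script is an added example and is not part of the forum post or of ComboFix itself: it runs a few triage heuristics over a constructed excerpt of those three sections (paths copied from the log) and returns the entries worth checking first. The heuristics (a bare filename in a Run key, a binary under the user profile or in a Downloads/temp folder, a port opened without a subnet restriction) and the label "Remote Desktop (RDP)" for 3389/TCP are my own assumptions, not anything the thread states or concludes about this machine.

```python
"""Triage helper for a ComboFix log: parse the Run keys, the firewall
AuthorizedApplications list and the GloballyOpenPorts list and return the
entries a responder would check first.  The heuristics are assumptions of
this example, not ComboFix's own logic."""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the posted log (paths kept verbatim).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Principale\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2009-06-13 133104]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2011-01-26 15026056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
"LogMeIn GUI"="c:\programmi\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Principale\\Documenti\\Downloads\\utorrent (1).exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<rest>.*)$')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')
SUBNET_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\d{1,3}(?:\.\d{1,3}){3}$")
PROFILE_RE = re.compile(r"^[a-z]:\\documents and settings\\", re.I)
DROP_DIR_RE = re.compile(r"\\(downloads|temp|tmp)\\", re.I)
# Assumed label: the log only shows 3389 as a resource-string id.
KNOWN_PORTS = {("3389", "TCP"): "Remote Desktop (RDP)"}


@dataclass(frozen=True)
class Finding:
    section: str   # "autorun", "firewall-app" or "open-port"
    entry: str     # the value or path as written in the log
    reason: str


def _sections(text):
    """Yield (registry_key, [(name, rest), ...]) for each [key] block."""
    key, items = None, []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            if key is not None:
                yield key, items
            key, items = m.group("key"), []
            continue
        e = ENTRY_RE.match(line)
        if e and key is not None:
            items.append((e.group("name"), e.group("rest")))
    if key is not None:
        yield key, items


def _autorun_findings(items):
    for name, rest in items:
        q = QUOTED_RE.match(rest)
        path = q.group("path") if q else rest
        if "\\" not in path:
            yield Finding("autorun", path,
                          f"'{name}' is a bare filename: resolved through the executable search path at logon, so its location is not pinned")
        elif PROFILE_RE.match(path):
            yield Finding("autorun", path,
                          f"'{name}' runs from the user profile, which is writable without admin rights; confirm it is expected")


def _firewall_app_findings(items):
    for name, _rest in items:
        path = name.replace("\\\\", "\\")   # the list doubles backslashes
        if DROP_DIR_RE.search(path):
            yield Finding("firewall-app", path,
                          "inbound exception for a binary in a downloads/temp folder")
        elif PROFILE_RE.match(path):
            yield Finding("firewall-app", path,
                          "inbound exception for a binary in the user profile")


def _open_port_findings(items):
    for name, rest in items:
        port, proto = name.split(":", 1)
        fields = rest.split(":")
        scope = next((f for f in fields if SUBNET_RE.match(f)), None)
        label = KNOWN_PORTS.get((port, proto.upper()), fields[-1] if fields else "")
        where = f"limited to {scope}" if scope else "no subnet restriction in the entry"
        yield Finding("open-port", name,
                      f"{proto}/{port} ({label}) open to any program; {where}")


def triage(log_text):
    """Return the findings for the Run, AuthorizedApplications and GloballyOpenPorts sections."""
    out = []
    for key, items in _sections(log_text):
        k = key.lower()
        if k.endswith("\\currentversion\\run"):
            out.extend(_autorun_findings(items))
        elif k.endswith("\\authorizedapplications\\list"):
            out.extend(_firewall_app_findings(items))
        elif k.endswith("\\globallyopenports\\list"):
            out.extend(_open_port_findings(items))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}\n    {f.reason}")
```

Run it as-is to see the findings for the excerpt, or feed `triage()` the full text of a log; the section matching keys off the tail of the registry path, so the HKCU, HKLM and per-user Run keys are all picked up. A finding is a prompt to look, not a verdict: the Google Update entry is flagged only because it lives in the profile, and the port entries report what the firewall line itself says about scope.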

#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 11 March 2011 - 07:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 17 March 2011 - 05:50 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
m0le is a proud member of UNITE



