Combofix - my first use!


  • This topic is locked
No replies to this topic

#1 Guest_matman981_*

  • Guests

Posted 30 May 2011 - 02:56 PM

Hi guys,

It is the first time I have used Combofix and I am not a technical user, so it is quite difficult for me to understand the details. I used it because, since last Friday, I've had some problems with my computer. I use Windows 7 and last Friday I got some problems with Skype (like many other users). I uninstalled Skype and tried to install it again, but, since then, I've had problems installing any software. In addition, Internet Explorer doesn't work (I use Mozilla but, still, I noticed that Explorer is not working) and I cannot open many webpages in Mozilla... I suspect a virus or something similar!

So I tried to use Combofix and this is my Combofix log.txt (unfortunately some words are in Italian; hope it is still clear):

ComboFix 11-05-30.04 - Matteo 30/05/2011 21:27:31.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.2039.1380 [GMT 2:00]
Eseguito da: c:\users\Matteo\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\users\Matteo\AppData\Roaming\OfferBox
c:\users\Matteo\AppData\Roaming\OfferBox\config.dat
c:\users\Matteo\AppData\Roaming\OfferBox\config.xml
c:\windows\fveupdate.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-04-28 al 2011-05-30 )))))))))))))))))))))))))))))))))))
.
.
2011-05-30 19:35 . 2011-05-30 19:35 -------- d-----w- c:\users\Matteo\AppData\Local\temp
2011-05-30 19:35 . 2011-05-30 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 18:37 . 2011-05-30 18:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-23 13:55 . 2011-05-23 13:55 77824 ----a-r- c:\users\Matteo\AppData\Roaming\Microsoft\Installer\{C454FB57-6576-4A65-94C8-B59FB0484826}\AtlIcons.exe
2011-05-23 13:55 . 2011-05-23 13:55 26866 ----a-r- c:\users\Matteo\AppData\Roaming\Microsoft\Installer\{C454FB57-6576-4A65-94C8-B59FB0484826}\misc.exe
2011-05-23 13:55 . 2011-05-23 13:55 -------- d-----w- c:\users\Matteo\AppData\Roaming\Scientific Software
2011-05-23 13:55 . 2011-05-23 13:55 -------- d-----w- c:\program files\Scientific Software
2011-05-23 06:29 . 2011-05-23 06:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 13:02 . 2011-05-30 17:43 -------- d-----w- c:\program files\MP3Gain
2011-05-08 09:13 . 2011-05-08 09:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-08 09:13 . 2011-05-08 09:13 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-08 09:13 . 2011-05-08 09:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-08 09:13 . 2011-05-08 09:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-08 09:13 . 2011-05-08 09:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-08 09:13 . 2011-05-08 09:13 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-08 09:13 . 2011-05-08 09:13 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 09:13 . 2011-05-08 09:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-08 08:57 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA4B2841-501A-4512-9D6D-40F0059E3638}\mpengine.dll
2011-05-08 08:56 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2011-05-08 08:56 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-05-08 08:56 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-05-08 08:56 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2011-05-08 08:56 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2011-05-08 08:56 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2011-05-08 08:39 . 2010-12-23 05:28 850432 ----a-w- c:\windows\system32\sbe.dll
2011-05-08 08:39 . 2010-12-23 05:28 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-05-08 08:39 . 2010-12-23 05:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-05-08 08:39 . 2010-12-23 05:24 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-05-08 08:37 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 08:16 . 2009-07-13 23:11 680448 ----a-w- c:\windows\system32\adtschema.dll
2011-05-08 09:13 . 2011-05-08 09:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ATFPUOverlayIcon]
@="{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}"
[HKEY_CLASSES_ROOT\CLSID\{3239DBC1-B76D-4dc7-8B29-D99CBA3C7336}]
2009-09-15 16:36 147888 ----a-w- c:\program files\Toshiba\TFPU\TFPUOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-29 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-29 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"TFPUPWDBankService"="c:\program files\TOSHIBA\TFPU\TFPUPWDBank.exe" [2009-09-15 888752]
"TFPUService"="c:\program files\TOSHIBA\TFPU\TFPUTaskMonitor.exe" [2009-09-15 784304]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
.
c:\users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2009-07-22 11:40 83336 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 13:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 20:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 384576]
R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 39488]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-09-11 1811704]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-10 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-14 659328]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 netw5v32;Driver scheda Intel® Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\mu2fdqah.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-downloadhq - c:\program files\DownloadHQ\downloadhq.exe
AddRemove-FormatFactory - c:\users\Matteo\Desktop\FormatFactory\uninst.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-05-30 21:38:36
ComboFix-quarantined-files.txt 2011-05-30 19:38
.
Pre-Run: 96.744.919.040 byte disponibili
Post-Run: 96.521.113.600 byte disponibili
.
- - End Of File - - 0AF33226FE1DCF58E467B526F5C0C35D

Hope someone could help me understand what I should do... thank you so much for your help!!!

best

Edited by hamluis, 30 May 2011 - 03:48 PM.
Moved from AV, Firewall to Malware Removal Logs.