log txt


This topic is locked
2 replies to this topic

#1 BC5300Vet

  • Members
  • 1 posts

Posted 29 March 2012 - 09:33 AM

ComboFix 12-03-29.01 - Principale 29/03/2012 11.51.13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1471.909 [GMT 2:00]
Eseguito da: c:\documents and settings\Principale\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
I seguenti file sono stati disabilitati durante la scansione:
c:\docume~1\ALLUSE~1\DATIAP~1\esoeso32qwe.dat
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\BB31817AC617EBE10D69DADB67E2424.exe.tmp
c:\documents and settings\All Users\Dati applicazioni\esoeso32qwe.dat.vir
c:\documents and settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\ctfmon.lnk
c:\windows\IsUn0410.exe
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\setb6.tmp
.
----- File Replicators -----
.
c:\documents and settings\Principale\asjykgex.exe
c:\documents and settings\Principale\awmcvike.exe
c:\documents and settings\Principale\brpvhvtf.exe
c:\documents and settings\Principale\bsbqtxhv.exe
c:\documents and settings\Principale\cduatfoc.exe
c:\documents and settings\Principale\ctcgnquc.exe
c:\documents and settings\Principale\dafoxfhj.exe
c:\documents and settings\Principale\damyfkit.exe
c:\documents and settings\Principale\ddjejife.exe
c:\documents and settings\Principale\dsynhnqr.exe
c:\documents and settings\Principale\earnkyzu.exe
c:\documents and settings\Principale\gvfrniih.exe
c:\documents and settings\Principale\httjrdkh.exe
c:\documents and settings\Principale\idvyhnio.exe
c:\documents and settings\Principale\itskyjyj.exe
c:\documents and settings\Principale\iyfjvwvs.exe
c:\documents and settings\Principale\jqofaiub.exe
c:\documents and settings\Principale\jwcmeehp.exe
c:\documents and settings\Principale\kdsqdbds.exe
c:\documents and settings\Principale\ldbuwafj.exe
c:\documents and settings\Principale\lhfcmclw.exe
c:\documents and settings\Principale\ltpntzvc.exe
c:\documents and settings\Principale\lvxpgxjq.exe
c:\documents and settings\Principale\mderajvs.exe
c:\documents and settings\Principale\mnvrudsx.exe
c:\documents and settings\Principale\mxbtyvlx.exe
c:\documents and settings\Principale\pctlpozk.exe
c:\documents and settings\Principale\pyiryxqx.exe
c:\documents and settings\Principale\rvwpcrsl.exe
c:\documents and settings\Principale\srzaimuv.exe
c:\documents and settings\Principale\tewjsuwm.exe
c:\documents and settings\Principale\ugkileda.exe
c:\documents and settings\Principale\uxfxattf.exe
c:\documents and settings\Principale\vbzmtzyg.exe
c:\documents and settings\Principale\vgjuottb.exe
c:\documents and settings\Principale\xlsbawea.exe
c:\documents and settings\Principale\yowgcwmj.exe
c:\documents and settings\Principale\zrgfuvpp.exe
c:\documents and settings\Principale\zxteuwkx.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-28 al 2012-03-29 )))))))))))))))))))))))))))))))))))
.
.
2012-03-29 07:15 . 2012-03-29 07:15 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-29 07:12 . 2012-03-29 07:14 -------- d-s---w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 08:33 . 2011-05-19 07:06 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2004-08-19 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 07:53 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-07-27 09:13 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-02-12 17:18 . 2010-02-12 17:18 2270704 ----a-w- c:\programmi\QUAD_Registry_Cleaner_Installer.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mRouterConfig"="c:\programmi\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomcatStartup"="c:\programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"StatusClient"="c:\programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"HPHUPD05"="c:\programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-04-01 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-05-05 491520]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 176128]
"HP Software Update"="c:\programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"VTTrayp"="VTtrayp.exe" [2005-03-13 147456]
"VTTimer"="VTTimer.exe" [2005-03-09 53248]
"RaidTool"="c:\programmi\VIA\RAID\raid_tool.exe" [2005-04-28 589824]
"PC Suite for Smartphones"="c:\programmi\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 548864]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"TkBellExe"="c:\programmi\real\realplayer\update\realsched.exe" [2011-11-10 273528]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2007-9-22 303104]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Belkin 802.11g Wireless PCI Card Configuration Utility.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Belkin 802.11g Wireless PCI Card Configuration Utility.lnk
backup=c:\windows\pss\Belkin 802.11g Wireless PCI Card Configuration Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Principale^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Principale^Menu Avvio^Programmi^Esecuzione automatica^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Principale^Menu Avvio^Programmi^Esecuzione automatica^Piylzq2tOn.lnk]
path=c:\documents and settings\Principale\Menu Avvio\Programmi\Esecuzione automatica\Piylzq2tOn.lnk
backup=c:\windows\pss\Piylzq2tOn.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 17:51 39792 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
2006-10-24 07:14 360448 ----a-w- c:\programmi\Browser Mouse\mouse32a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\programmi\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w- c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RichVideo"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Programmi\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmi\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Veetle\\Player\\VeetleNet.exe"=
.
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [14/11/2006 12.51.22 39048]
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-03-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-484061587-725345543-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-03-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-484061587-725345543-1004.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-03-29 c:\windows\Tasks\User_Feed_Synchronization-{E6D7F34A-A264-4B9E-866B-1FBD12167FA4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.virgilio.it/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\programmi\Malwarebytes' Anti-Malware\mbam.exe
HKU-Default-Run-CTFMON.EXE - c:\docume~1\alluse~1\datiap~1\esoeso32qwe.dat
AddRemove-Digital Camera - c:\windows\IsUn0410.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-29 11:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-03-29 11:58:50
ComboFix-quarantined-files.txt 2012-03-29 09:58
.
Pre-Run: 61.487.611.904 byte disponibili
Post-Run: 61.753.556.992 byte disponibili
.
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BD43C73390048D1EEBA61F63F2977C5D

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

#2 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 April 2012 - 10:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found in your ComboFix log.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#3 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 April 2012 - 08:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



