Combofix not working after new HD partition created


  • This topic is locked
11 replies to this topic

#1 501824678

501824678

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 11 March 2013 - 07:53 AM

Dear all,

Could anyone help me?

I've been using ComboFix since 2008 without problems on my PC and laptops running Windows XP Home/Pro edition.
In only one case has ComboFix stopped working: when it gets to "...however, scan times for badly..." (see the image attached), and then I cannot use ComboFix anymore. This occurs when I create a new partition on my HD, usually set up for a Linux operating system.

Even if I delete the Linux partition and merge it into the NTFS partition, ComboFix does not work anymore... I have to power off the PC and boot it again; there is no way to do it with CTRL ALT CANC.

 

Any idea?

Thanks a lot

 

Attached Files


Edited by 501824678, 11 March 2013 - 07:55 AM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:02:36 PM

Posted 14 March 2013 - 07:49 PM

Are you still looking for help with this issue?
m0le is a proud member of UNITE

#3 501824678

501824678
  • Topic Starter


Posted 15 March 2013 - 04:14 AM

Yes, the problem still remains in the same manner I have been facing for the last 4 years. It seems that ComboFix doesn't like new HD partitions created with a Linux filesystem. The procedure stops at the "however, scan times for badly..." step.

The computer hangs and I can reboot only by pushing the power button.

Regarding other removal tools, they are working fine.



#4 m0le

m0le


Posted 16 March 2013 - 06:46 PM

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Okay, are you able to run DDS?

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE

Edited by m0le, 16 March 2013 - 06:48 PM.


#5 m0le

m0le


Posted 18 March 2013 - 07:51 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le



#6 501824678

501824678
  • Topic Starter


Posted 19 March 2013 - 06:18 AM

Hi m0le,

 

Sorry for my late response.

I tried 3 times to run DDS, same situation: it hangs on "Please wait...". I was only able to move the cursor; the system was blocked and I needed to push the power button to restart.



#7 m0le

m0le


Posted 19 March 2013 - 07:25 PM

We need to check a reason why Combofix might hang. Try this script below

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

NoMBR::



Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)


CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

If the program asks you to update ComboFix, click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#8 501824678

501824678
  • Topic Starter


Posted 20 March 2013 - 04:22 AM

Victory !!!  :clapping:  :clapping:  :clapping:

ComboFix has completed its procedure.

Please note that it recognized rootkit activity just after "attempting to create a system restore point" and the PC had to be rebooted.

After that it continued its job fine; during "ComboFix is preparing the log report, do not use any programs..." an MS window alerted that "PEV.exe had encountered a problem and needs to close. Runtime to terminate in an unusual way". I closed this window and ComboFix displayed the log report below.

Thanks a lot for your kind help and attention.

 

G

 

 

 

ComboFix 13-03-20.01 - Ghera 20/03/2013   9.45.34.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.39.1040.18.1918.1586 [GMT 1:00]
Eseguito da: c:\documents and settings\Ghera\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Ghera\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
c:\windows\unin0410.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-02-20 al 2013-03-20  )))))))))))))))))))))))))))))))))))
.
.
2013-03-19 15:30 . 2013-03-19 15:30 -------- d-----w- c:\documents and settings\Ghera\Dati applicazioni\inkscape
2013-03-19 15:26 . 2013-03-19 15:29 -------- d-----w- c:\programmi\Inkscape
2013-03-19 11:54 . 2013-03-19 11:58 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\SoftMaker
2013-03-13 09:40 . 2013-03-17 11:54 -------- d-----w- c:\documents and settings\Ghera\.bluefish
2013-03-13 09:15 . 2013-03-13 09:15 -------- d-----w- c:\documents and settings\Ghera\Dati applicazioni\JGsoft
2013-03-13 09:15 . 2013-03-13 09:16 -------- d-----w- c:\programmi\seRapid
2013-03-13 09:15 . 2013-03-13 09:15 -------- d-----w- c:\programmi\Just Great Software
2013-03-13 09:08 . 2013-03-13 09:08 -------- d-----w- c:\documents and settings\Ghera\Dati applicazioni\Examine32
2013-03-13 09:08 . 2013-03-13 09:08 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Examine32
2013-03-13 09:07 . 2013-03-13 09:08 -------- d-----w- c:\programmi\Examine32 Text Search - evaluation version
2013-03-13 09:07 . 2012-10-30 04:10 100624 ----a-w- c:\windows\system32\ExMenu.dll
2013-03-12 17:40 . 2013-03-12 17:40 -------- d-----w- C:\found.001
2013-03-12 17:02 . 2013-03-12 17:02 -------- d-----w- C:\found.000
2013-03-11 15:22 . 2013-03-11 15:21 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-11 15:22 . 2013-03-11 15:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-08 07:26 . 2012-06-02 14:18 214256 ----a-w- c:\windows\system32\muweb.dll
2013-03-08 07:19 . 2013-03-08 07:54 -------- d-----w- c:\programmi\mac
2013-03-06 10:13 . 2013-03-06 10:13 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\LibreOffice
2013-03-03 20:29 . 2013-03-03 20:29 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\Malwarebytes
2013-03-03 10:10 . 2013-03-03 10:10 -------- d-----w- c:\documents and settings\Ghera\Dati applicazioni\Nero
2013-03-03 09:21 . 2013-03-03 09:21 -------- d-----w- c:\documents and settings\User\Impostazioni locali\Dati applicazioni\PCHealth
2013-03-03 09:17 . 2013-03-03 09:17 -------- d-----w- c:\documents and settings\User\Dati applicazioni\Nero
2013-03-03 07:58 . 2013-03-03 07:58 -------- d-----w- c:\programmi\MSXML 4.0
2013-03-02 15:04 . 2013-03-02 15:04 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\Nero
2013-03-02 14:51 . 2013-03-02 15:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2013-03-02 14:51 . 2013-03-02 14:52 -------- d-----w- c:\programmi\File comuni\Nero
2013-03-02 14:50 . 2013-03-02 15:02 -------- d-----w- c:\programmi\Nero
2013-03-02 08:48 . 2013-03-02 08:48 -------- d-----w- c:\programmi\Synaptics
2013-03-02 08:48 . 2012-11-06 10:20 1048576 ----a-w- c:\windows\system32\syndata.bin
2013-03-02 08:48 . 2012-11-06 10:20 142648 ----a-w- c:\windows\system32\SynTPCo14.dll
2013-03-02 08:48 . 2012-11-06 10:20 348600 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-03-02 08:48 . 2012-11-06 10:20 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-03-02 08:28 . 2013-03-02 08:28 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\toshiba
2013-03-02 08:28 . 2013-03-02 08:28 -------- d-sh--w- c:\documents and settings\Fermare il Declino\PrivacIE
2013-03-02 07:59 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2013-03-02 07:58 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-03-02 07:58 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2013-03-02 07:58 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2013-03-02 07:58 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2013-03-02 07:17 . 2013-03-02 07:17 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\ElevatedDiagnostics
2013-03-01 20:46 . 2013-03-01 20:46 -------- d-----w- c:\documents and settings\Fermare il Declino\Impostazioni locali\Dati applicazioni\QtWeb.NET
2013-02-28 19:48 . 2013-03-10 14:25 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\uTorrent
2013-02-28 19:46 . 2006-03-02 11:00 19456 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
2013-02-28 19:46 . 2006-03-02 11:00 19456 ----a-w- c:\windows\system32\simptcp.dll
2013-02-28 19:46 . 2008-04-13 17:13 36352 -c--a-w- c:\windows\system32\dllcache\iprip.dll
2013-02-28 19:46 . 2008-04-13 17:13 36352 ----a-w- c:\windows\system32\iprip.dll
2013-02-28 18:47 . 2013-02-28 17:23 13432 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-02-28 18:47 . 2013-02-28 17:22 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-02-27 15:31 . 2013-03-09 22:32 -------- d-----w- c:\windows\system32\LogFiles
2013-02-26 14:38 . 2013-02-26 14:38 -------- d-----w- c:\documents and settings\Fermare il Declino\Impostazioni locali\Dati applicazioni\Identities
2013-02-26 14:37 . 2013-02-26 14:37 -------- d-----w- c:\documents and settings\Fermare il Declino\Impostazioni locali\Dati applicazioni\Adobe
2013-02-26 07:20 . 2013-02-26 07:20 -------- d-----w- c:\windows\ServicePackFiles
2013-02-26 07:07 . 2013-03-11 10:52 -------- d-----w- c:\documents and settings\Administrator
2013-02-25 19:03 . 2013-03-08 14:24 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\Skype
2013-02-25 16:28 . 2013-02-25 16:28 -------- d-----w- c:\documents and settings\Fermare il Declino\Dati applicazioni\Greenshot
2013-02-25 16:28 . 2013-02-25 16:28 -------- d-----w- c:\documents and settings\Fermare il Declino\Impostazioni locali\Dati applicazioni\Greenshot
2013-02-25 14:37 . 2013-03-10 19:30 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2013-02-25 13:55 . 2008-04-13 18:14 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-02-25 13:54 . 2001-08-30 22:08 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-02-25 13:54 . 2008-04-13 18:14 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-02-25 13:54 . 2001-08-30 22:08 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2013-02-25 13:54 . 2001-08-30 22:08 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2013-02-25 13:54 . 2001-08-30 22:08 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2013-02-25 13:54 . 2001-08-17 19:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2013-02-25 13:54 . 2008-04-13 08:34 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2013-02-25 13:54 . 2008-04-13 10:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2013-02-25 13:54 . 2008-04-13 08:34 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2013-02-25 13:53 . 2008-04-13 18:13 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2013-02-25 13:53 . 2008-04-13 10:36 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2013-02-25 13:53 . 2008-04-13 08:35 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2013-02-25 13:53 . 2001-08-30 19:46 35402 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2013-02-25 13:53 . 2001-08-17 20:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2013-02-25 13:51 . 2008-04-13 08:34 12415 -c--a-w- c:\windows\system32\dllcache\wadv01nt.sys
2013-02-25 13:51 . 2008-04-13 10:43 14208 -c--a-w- c:\windows\system32\dllcache\wacompen.sys
2013-02-25 13:51 . 2001-08-17 19:13 16925 -c--a-w- c:\windows\system32\dllcache\w940nd.sys
2013-02-25 13:51 . 2001-08-17 19:13 19016 -c--a-w- c:\windows\system32\dllcache\w926nd.sys
2013-02-25 13:51 . 2001-08-17 19:13 19528 -c--a-w- c:\windows\system32\dllcache\w840nd.sys
2013-02-25 13:51 . 2001-08-17 20:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2013-02-25 13:51 . 2001-08-17 20:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2013-02-25 13:50 . 2001-08-17 20:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2013-02-25 13:50 . 2001-08-17 19:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2013-02-25 13:50 . 2001-08-17 20:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2013-02-25 13:50 . 2008-04-13 10:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2013-02-25 13:50 . 2008-04-13 10:36 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2013-02-25 13:50 . 2008-04-13 18:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2013-02-25 13:50 . 2008-04-13 18:13 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2013-02-25 13:50 . 2001-08-17 20:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2013-02-25 13:49 . 2001-08-17 20:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-02-25 13:49 . 2001-08-17 20:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2013-02-25 13:49 . 2001-08-17 20:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2013-02-25 13:49 . 2001-08-17 20:28 224802 -c--a-w- c:\windows\system32\dllcache\usr1807a.sys
2013-02-25 13:49 . 2001-08-17 20:28 794399 -c--a-w- c:\windows\system32\dllcache\usr1806v.sys
2013-02-25 13:49 . 2001-08-17 20:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2013-02-25 13:48 . 2001-08-17 20:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2013-02-25 13:48 . 2008-04-13 10:46 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys
2013-02-25 13:48 . 2008-04-13 10:45 20608 -c--a-w- c:\windows\system32\dllcache\usbuhci.sys
2013-02-25 13:48 . 2008-04-13 10:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2013-02-25 13:48 . 2008-04-13 10:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-02-25 13:48 . 2008-04-13 10:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2013-02-25 13:48 . 2008-04-13 10:56 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2013-02-25 13:48 . 2008-04-13 17:48 32384 -c--a-w- c:\windows\system32\dllcache\usb101et.sys
2013-02-25 13:48 . 2001-08-30 22:08 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2013-02-25 13:48 . 2001-08-30 22:08 28672 -c--a-w- c:\windows\system32\dllcache\umaxu40.dll
2013-02-25 13:48 . 2001-08-30 22:08 27136 -c--a-w- c:\windows\system32\dllcache\umaxu22.dll
2013-02-25 13:48 . 2001-08-30 22:08 69632 -c--a-w- c:\windows\system32\dllcache\umaxu12.dll
2013-02-25 13:47 . 2001-08-30 22:08 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2013-02-25 13:47 . 2001-08-17 20:58 22912 -c--a-w- c:\windows\system32\dllcache\umaxpcls.sys
2013-02-25 13:47 . 2001-08-30 22:08 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2013-02-25 13:47 . 2001-08-30 22:08 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-02-25 13:47 . 2001-08-30 22:08 212480 -c--a-w- c:\windows\system32\dllcache\um54scan.dll
2013-02-25 13:47 . 2001-08-30 22:08 216576 -c--a-w- c:\windows\system32\dllcache\um34scan.dll
2013-02-25 13:46 . 2001-08-17 20:52 36736 -c--a-w- c:\windows\system32\dllcache\ultra.sys
2013-02-25 13:46 . 2008-04-13 10:36 44672 -c--a-w- c:\windows\system32\dllcache\uagp35.sys
2013-02-25 13:46 . 2001-08-17 20:48 11520 -c--a-w- c:\windows\system32\dllcache\twotrack.sys
2013-02-25 13:46 . 2001-08-17 19:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2013-02-25 13:46 . 2001-08-30 22:08 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2013-02-25 13:46 . 2001-08-17 19:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2013-02-25 13:45 . 2001-08-30 22:07 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2013-02-25 13:45 . 2001-08-17 19:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2013-02-25 13:45 . 2001-08-30 22:07 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2013-02-25 13:45 . 2001-08-17 19:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2013-02-25 13:45 . 2001-08-30 22:07 43008 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2013-02-25 13:45 . 2008-04-13 18:14 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2013-02-25 13:45 . 2001-08-30 22:08 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2013-02-25 13:44 . 2001-08-30 19:10 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 09:48 . 2012-09-09 17:39 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 09:48 . 2012-09-09 17:39 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 15:21 . 2012-09-09 20:24 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 15:21 . 2012-09-09 20:24 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-24 18:20 . 2013-01-25 11:35 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-01-31 12:53 . 2013-01-31 14:16 55416 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 08:41 . 2013-01-16 08:41 5248 ----a-w- c:\windows\system32\giveio.sys
2013-01-07 07:24 . 2008-04-13 18:55 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2008-04-14 12:00 2196736 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-04-14 12:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:04 . 2009-07-18 20:46 920064 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:04 . 2009-07-18 20:45 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:04 . 2009-07-18 20:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 07:02 . 2009-07-18 20:45 385024 ----a-w- c:\windows\system32\html.iec
2013-03-10 16:39 . 2013-03-10 16:39 263064 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
2012-10-05 18:54 188416 --sha-r- c:\windows\system32\winDCE32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-18 . 0CF0382F318E5349DC94DB9120D34A6D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^RAMASST.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2013-02-19 09:53 162856 ----a-w- c:\programmi\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2012-11-06 10:20 2383160 ----a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
2005-04-12 09:14 65536 ----a-w- c:\programmi\Toshiba\TOSCDSPD\TOSCDSPD.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitdm.exe"=
"c:\\Programmi\\Orbitdownloader\\orbitnet.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\XBMC\\XBMC.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [28/02/2013 19.47.16 16504]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\programmi\HWiNFO32\HWiNFO32.SYS [27/08/2012 20.38.40 21624]
R2 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13.00.00 14336]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/11/2012 8.50.11 211200]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [08/01/2013 12.55.20 161536]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [21/08/2012 3.33.20 53952]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;c:\windows\system32\drivers\psmounterex.sys [31/01/2013 15.16.34 55416]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [28/02/2013 19.47.16 13432]
S3 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\programmi\mac\ReflectService.exe [09/11/2011 0.42.42 224920]
S4 NAUpdate;@c:\programmi\Nero\Update\NASvc.exe,-200;c:\programmi\Nero\Update\NASvc.exe [25/03/2010 14.39.22 490280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ   p2psvc p2pimsvc p2pgasvc PNRPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 08:59 1629648 ----a-w- c:\programmi\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 09:48]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-12-15 09:49]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2012-12-15 09:49]
.
.
------- Scansione supplementare -------
.
TCP: DhcpNameServer = 212.216.112.112 212.216.112.112
FF - ProfilePath - c:\documents and settings\Ghera\Dati applicazioni\Mozilla\Firefox\Profiles\jm0cjj7z.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-Fax Machine - (no file)
SafeBoot-sglfb.sys
SafeBoot-tga.sys
MSConfigStartUp-Google Update - c:\documents and settings\Ghera\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
Scansione completata con successo
Files nascosti: 
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Setup"="07-QG1Z-HCUU-12FT-ECCU-M45T-K5WAE9H"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(388)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2013-03-20  09:54:38
ComboFix-quarantined-files.txt  2013-03-20 08:54
.
Pre-Run: 25.395.347.456 byte disponibili
Post-Run: 25.783.762.944 byte disponibili
.
- - End Of File - - 2A6FB24003398EA8700D7DBC468C1ACB
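As an added example (not part of this thread and not ComboFix's own tooling), the script below parses a log in the shape of the one posted above and pulls out the entries a responder reads first: hidden+system files, kernel drivers created inside the scan window, and files the Sigcheck section lists as unsigned. The sample lines are copied from the log above; the banner and entry layouts are inferred from that log, the reading of the attribute letters (d = directory, s = system, h = hidden) and of the Sigcheck "[-]" marker as unsigned are assumptions drawn from the log's own note, and the triage heuristics are mine.

```python
"""Triage helper for a ComboFix log.  Added example, not part of the thread:
line layouts are inferred from the log posted above and the heuristics are
the example author's own, not anything ComboFix itself reports."""
import re
from collections import defaultdict

# Section banner, e.g. "(((((  Files Creati ...  )))))" or "------- Sigcheck -------"
SECTION_RE = re.compile(r"^[(\-]{3,}\s+(?P<title>.+?)\s+[)\-]{3,}$")

# File entry: "<mtime> . <ctime> <size|--------> <attrs> <path>".
# Find3M lines may carry a single timestamp, so the second one is optional.
ENTRY_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>[a-z\-]{8}) (?P<path>.+)$"
)

# Sigcheck line: "[-] <date> . <MD5> . <size> . . [<version>] . . <path>".
# The log's note "Unsigned files aren't necessarily malware" sits above the
# "[-]" entry, so "[-]" is read as unsigned here (assumption).
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[-+])\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32})"
    r" \. (?P<size>\d+) \. \. \[(?P<version>[^\]]*)\] \. \. (?P<path>.+)$"
)

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Creati Da 2013-02-20 al 2013-03-20  )))))))))))))))))))))))))))))))))))
.
2013-03-13 09:07 . 2012-10-30 04:10 100624 ----a-w- c:\windows\system32\ExMenu.dll
2013-03-02 08:28 . 2013-03-02 08:28 -------- d-sh--w- c:\documents and settings\Fermare il Declino\PrivacIE
2013-02-28 18:47 . 2013-02-28 17:23 13432 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-02-25 13:44 . 2001-08-30 19:10 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-24 18:20 . 2013-01-25 11:35 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-01-16 08:41 . 2013-01-16 08:41 5248 ----a-w- c:\windows\system32\giveio.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-18 . 0CF0382F318E5349DC94DB9120D34A6D . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
"""


def parse_combofix_log(text):
    """Group file and Sigcheck entries by the section banner they appear under."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            continue
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = None if e["size"].startswith("-") else int(e["size"])
            e["is_dir"] = e["attrs"][0] == "d"
            e["system"] = "s" in e["attrs"]   # attribute letters: assumption, see lead-in
            e["hidden"] = "h" in e["attrs"]
            sections[current].append(e)
            continue
        m = SIGCHECK_RE.match(line)
        if m:
            e = m.groupdict()
            e["signed"] = e["status"] == "+"
            sections[current].append(e)
    return dict(sections)


def triage(sections):
    """Return (path, reason) pairs worth a second look.  Heuristics only: each
    hit still needs a hash comparison against a known-good copy of the file."""
    findings = []
    for title, entries in sections.items():
        in_created_window = title.startswith(("Files Creati", "Files Created"))
        for e in entries:
            path = e["path"]
            low = path.lower()
            if "md5" in e:                           # Sigcheck entry
                if not e["signed"]:
                    findings.append((path, f"unsigned per Sigcheck, MD5 {e['md5']}"))
                continue
            if e["hidden"] and e["system"] and not e["is_dir"]:
                findings.append((path, "hidden+system file attributes"))
            if in_created_window and low.endswith(".sys") and "\\drivers\\" in low:
                findings.append((path, "kernel driver created inside the scan window"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_combofix_log(SAMPLE_LOG)):
        print(f"{reason:45} {path}")
```

Run against a real C:\ComboFix.txt the same way (read the file, call parse_combofix_log, then triage); a directory such as PrivacIE with hidden+system attributes is deliberately not flagged, because Windows itself marks many profile folders that way, while a file with those attributes under system32 is.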


#9 m0le

m0le


Posted 20 March 2013 - 08:18 PM

Sometimes the MBR scan causes ComboFix to hang; the script above stopped it from running that scan.

Problem solved then?

#10 501824678

501824678
  • Topic Starter


Posted 21 March 2013 - 03:59 AM

Yes, problem solved. Thanks a lot.



#11 m0le

m0le


Posted 21 March 2013 - 08:00 PM

No problem :)

#12 m0le

m0le


Posted 27 March 2013 - 08:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



