Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Tutorial ComboFix

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Tutorial ComboFix

Unread postby nire » October 14th, 2010, 2:42 pm

Ciao!!!
Non so se posso usare questo forum, ma ho usato il programma ComboFix per scansionare il mio pc e su un sito mi hanno detto poi di far analizzare il file di log su questo forum....
Mi potete aiurare?
GRAZIE

ComboFix 10-10-12.03 - Irene 14/10/2010 20.01.19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.511.286 [GMT 2:00]
Eseguito da: c:\documents and settings\Irene\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-14EF-9D7C08000A00}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Irene\Dati applicazioni\Desktopicon
c:\documents and settings\Irene\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Irene\Dati applicazioni\Desktopicon\uninst.exe
c:\documents and settings\Irene\Dati applicazioni\download2
c:\documents and settings\Irene\Dati applicazioni\download2\svcnost.exe
c:\documents and settings\Irene\Dati applicazioni\hotfix.exe
c:\documents and settings\Irene\Preferiti\Videos.url

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-09-14 al 2010-10-14 )))))))))))))))))))))))))))))))))))
.

2010-10-13 22:49 . 2010-10-14 18:00 197 ----a-w- c:\documents and settings\Irene\Dati applicazioni\jsfhjjsd.bat
2010-10-13 22:42 . 2010-10-13 22:42 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2010-10-13 22:41 . 2010-10-13 22:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-13 18:04 . 2001-08-30 21:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-10-13 18:04 . 2004-08-19 13:39 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-10-13 18:04 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-10-13 18:04 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-10-10 12:30 . 2010-10-10 12:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2010-10-10 12:30 . 2010-10-10 12:30 -------- d-----w- c:\documents and settings\Irene\Dati applicazioni\AVS4YOU
2010-10-10 12:29 . 2010-06-30 14:33 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-10-10 12:29 . 2010-06-30 14:33 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-10 12:29 . 2010-10-10 13:00 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-10-10 12:29 . 2010-10-10 13:00 -------- d-----w- c:\programmi\AVS4YOU
2010-09-30 23:04 . 2010-09-30 23:04 -------- d-----w- c:\programmi\iPod
2010-09-30 23:00 . 2010-09-30 23:00 -------- d-----w- c:\programmi\Bonjour
2010-09-15 22:18 . 2010-09-30 23:05 -------- d-----w- c:\programmi\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872]
"SoundMAXPnP"="c:\programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"Adobe Photo Downloader"="c:\programmi\Adobe\Adobe Photoshop Lightroom\apdproxy.exe" [2007-02-06 61440]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-30 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2010-5-3 217088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-02-06 14:30 61440 ----a-r- c:\programmi\Adobe\Adobe Photoshop Lightroom\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2007-05-17 21:45 279912 ----a-w- c:\programmi\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 03:23 149280 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6367:UDP"= 6367:UDP:UDP
"6514:UDP"= 6514:UDP:eDK
"16514:TCP"= 16514:TCP:TCP

R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [03/05/2010 20.21.00 8192]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe --> c:\programmi\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Irene\Dati applicazioni\Mozilla\Firefox\Profiles\n1ve05zh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programmi\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Irene\Dati applicazioni\Facebook\npfbplugin_1_0_3.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-download - c:\documents and settings\Irene\Dati applicazioni\download2\svcnost.exe
MSConfigStartUp-AppleSyncNotifier - c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-maigq - c:\documents and settings\irene\impostazioni locali\dati applicazioni\maigq.exe
AddRemove-eBay Icon - c:\documents and settings\Irene\Dati applicazioni\Desktopicon\uninst.exe



[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2552)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmi\Sygate\SPF\smc.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Microsoft LifeCam\MSCamS32.exe
c:\programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\Analog Devices\SoundMAX\SMAgent.exe
c:\programmi\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2010-10-14 20:17:42 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-10-14 18:17

Pre-Run: 17.431.412.736 byte disponibili
Post-Run: 18.062.053.376 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=signature(49e149e0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
signature(49e149e0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 376A4FABE4A23FE830FDA187ADF1CF79
nire
Active Member
 
Posts: 1
Joined: October 14th, 2010, 2:34 pm
Advertisement
Register to Remove

Re: Tutorial ComboFix

Unread postby NonSuch » October 14th, 2010, 3:39 pm

We are sorry but this is an English language forum and we do not have the resources to support other languages. However, we can suggest the following forums where you can find support:

http://www.tomshw.it/forum/sicurezza/

http://forum.swzone.it/forumdisplay.php?f=28

Best of luck to you.

This topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware