could you analyze my combofix log?

Post by Albarba » December 15th, 2013, 7:38 am

For several days the browser has been opening sites and windows frequently.

Now I have deleted AVG and Mozilla Firefox and run ComboFix.
Thank you in advance for your help.

This is the log:

ComboFix 13-12-13.01 - home 16/12/2013 12.22.04.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1013.440 [GMT 1:00]
Eseguito da: F:\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-11-16 al 2013-12-16 )))))))))))))))))))))))))))))))))))
.
.
2013-12-19 18:38 . 2013-12-19 18:38 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2013-12-19 18:37 . 2013-12-19 18:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-12-17 12:19 . 2013-12-17 12:19 -------- d-----w- c:\documents and settings\home\Dati applicazioni\Canon
2013-12-17 12:11 . 2013-12-17 12:11 -------- d-----w- c:\documents and settings\home\Impostazioni locali\Dati applicazioni\CANON_INC
2013-12-17 12:03 . 2013-12-17 12:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ZoomBrowser
2013-12-17 12:02 . 2013-12-17 12:04 -------- d-----w- c:\programmi\Canon
2013-12-17 11:53 . 2013-12-17 11:53 -------- d-----w- c:\programmi\File comuni\Canon
2013-12-17 10:57 . 2001-08-30 22:07 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-12-17 10:57 . 2008-04-13 18:13 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-12-16 10:47 . 2013-12-16 10:47 -------- d-----w- c:\documents and settings\home\Impostazioni locali\Dati applicazioni\cache
2013-12-16 10:47 . 2013-12-16 11:12 -------- d-----w- c:\documents and settings\home\Impostazioni locali\Dati applicazioni\Mobogenie
2013-12-16 10:47 . 2013-12-16 10:47 -------- d-----w- C:\Users
2013-12-16 10:47 . 2013-12-16 10:47 -------- d-----w- c:\programmi\DivX
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\home\Dati applicazioni\0D0S1L2Z1P1B0T1P1B2Z
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\programmi\Lame For Audacity
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DivX
2013-12-16 10:46 . 2013-12-16 11:10 -------- d-----w- c:\programmi\Haali
2013-12-16 10:46 . 2013-12-16 11:08 -------- d-----w- c:\programmi\DSP-worx
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\home\Dati applicazioni\LavFilters
2013-12-16 10:46 . 2013-12-16 10:46 -------- d-----w- c:\documents and settings\home\Dati applicazioni\CDXReader
2013-12-16 10:44 . 2013-12-16 11:16 -------- d-----w- c:\documents and settings\home\Dati applicazioni\mysearchdial
2013-11-17 15:30 . 2013-11-17 15:30 -------- d-----w- c:\programmi\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-08 10:10 . 2012-12-13 09:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-10-31 09:49 . 2012-12-16 17:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}"= "c:\programmi\MoreFunGames\prxtbMor0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
2013-11-06 11:59 226592 ----a-w- c:\programmi\MoreFunGames\prxtbMor0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}"= "c:\programmi\MoreFunGames\prxtbMor0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B5B901E2-6E04-4B31-BD54-3FFB8264DFDA}"= "c:\programmi\MoreFunGames\prxtbMor0.dll" [2013-11-06 226592]
.
[HKEY_CLASSES_ROOT\clsid\{b5b901e2-6e04-4b31-bd54-3ffb8264dfda}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Del1445609"="del" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Gruppi peer-to-peer Windows
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"7736:TCP"= 7736:TCP:BitComet 7736 TCP
"7736:UDP"= 7736:UDP:BitComet 7736 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 3.48.52 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 3.46.00 245048]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 3.46.06 182072]
R2 AUS;Auto Update Service;c:\programmi\lsm\aus.exe [07/07/2013 18.11.40 287744]
R2 IduService;Intel(R) Desktop Utilities Service;c:\programmi\Intel\Intel Desktop Utilities\iduServ.exe [11/01/2010 0.05.10 131248]
R2 Iprip;Listener RIP;c:\windows\System32\svchost.exe -k netsvcs [14/04/2008 13.00.00 14336]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [29/11/2012 20.31.04 38608]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\programmi\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [05/01/2012 16.42.34 75624]
S2 Log S.M.;Log Session Manager;c:\programmi\lsm\LSM.exe [07/07/2013 18.11.40 425984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-16 09:49]
.
2013-12-16 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2000478354-1677128483-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-12-15 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2000478354-1677128483-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=ds ... 687782&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=ds ... 687782&ir=
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-16 12:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2013-12-16 12:26:40
ComboFix-quarantined-files.txt 2013-12-16 11:26
ComboFix2.txt 2013-12-16 11:02
ComboFix3.txt 2013-11-24 10:31
ComboFix4.txt 2013-11-17 16:24
.
Pre-Run: 131.778.342.912 byte disponibili
Post-Run: 131.784.867.840 byte disponibili
.
- - End Of File - - 3D164ABD572368A187CFC0D1BE926189
828E02D5C4A4FBE53441EE9DBEE51F43
Albarba
Active Member
 
Posts: 1
Joined: December 15th, 2013, 7:27 am

Re: could you analyze my combofix log?

Post by Cypher » December 15th, 2013, 9:04 am

ComboFix Log posted - no other log.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

ComboFix is not a tool that is intended to be used without the direct supervision of a qualified expert. To use ComboFix on your own, especially without the Recovery Console installed for XP or access to the Recovery Environment for Vista or Windows 7, is to court disaster for your computer. Please stop all attempts at self-fixes for your system's issues as that may only confuse the issue further and cause additional problems as well.

The instructions for running DDS, found HERE, state how we need you to post the logs so we can help you.
Please follow the instructions, start a new topic and post your logs, and include your ComboFix log in the same post.


This topic is now closed
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns