Hi,

Last week I ran the Malwarebytes program and I saw that the computer automatically tries to contact a site in the USA.

A deep scan with Avast antivirus gave me the information that a Solimba-D was found in the system.

I ran the ComboFix program and the following is the log.

Do I have a virus or some other malware in my system?

Thank you for your attention

Regards

Giuseppe Ziggiotto

ComboFix 14-01-04.03 - giuseppe 07/01/2014   8.03.20.2.1 - x86
Eseguito da: c:\documents and settings\giuseppe\Desktop\Nuova cartella\Pippo.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\giuseppe\Impostazioni locali\Dati applicazioni\assembly\tmp
c:\documents and settings\giuseppe\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\IsUn0410.exe
c:\windows\system32\SETA.tmp
c:\windows\system32\UNWISE.EXE
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-12-07 al 2014-01-07  )))))))))))))))))))))))))))))))))))
.
.
2014-01-03 12:30 . 2014-01-03 12:30    --------    d-sh--w-    c:\windows\system32\config\systemprofile\IETldCache
2014-01-03 10:24 . 2014-01-03 10:24    --------    d-----w-    c:\programmi\Malwarebytes' Anti-Malware
2014-01-03 10:24 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-01-03 10:21 . 2014-01-03 10:21    --------    d-----w-    c:\windows\ERUNT
2014-01-03 09:51 . 2014-01-03 09:51    --------    d-----w-    c:\programmi\Enigma Software Group
2014-01-03 09:50 . 2014-01-03 10:53    --------    d-----w-    c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2014-01-03 09:50 . 2014-01-03 09:50    --------    d-----w-    c:\programmi\File comuni\Wise Installation Wizard
2014-01-03 09:23 . 2014-01-03 09:31    --------    d-----w-    c:\documents and settings\giuseppe\Dati applicazioni\eCyber
2014-01-03 09:21 . 2014-01-07 07:00    --------    d-----w-    c:\programmi\iSafe
2014-01-03 09:21 . 2014-01-07 06:54    --------    d-----w-    c:\documents and settings\giuseppe\Dati applicazioni\iSafe
2014-01-03 09:07 . 2014-01-03 09:11    --------    d-----w-    C:\AdwCleaner
2014-01-02 08:20 . 2014-01-02 08:20    3041792    ----a-w-    c:\programmi\GS.Enabler
2014-01-02 08:20 . 2014-01-02 08:20    146768    ----a-w-    c:\programmi\GSSvc.dll
2014-01-02 08:18 . 2014-01-02 08:18    --------    d-----w-    c:\documents and settings\All Users\Dati applicazioni\InstallMate
2013-12-17 07:15 . 2013-12-17 07:15    --------    d-----w-    c:\documents and settings\giuseppe\Dati applicazioni\Scilab
2013-12-17 07:12 . 2013-12-17 07:15    --------    d-----w-    c:\programmi\scilab-5.4.1
2013-12-11 08:06 . 2013-12-11 09:07    --------    d-----w-    c:\programmi\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 08:44 . 2012-04-06 06:10    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-11 08:44 . 2011-05-25 05:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-03 15:37 . 2008-10-29 08:13    1422944    ----a-w-    c:\documents and settings\All Users\Dati applicazioni\Microsoft\VisualStudio\9.0\1040\ResourceCache.dll
2013-12-03 14:53 . 2008-10-29 08:13    18464    -c--a-w-    c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSA\9.0\1040\ResourceCache.dll
2013-11-30 09:58 . 2013-03-14 14:29    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-30 09:58 . 2013-03-14 14:29    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-30 09:58 . 2013-03-14 14:29    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-30 09:58 . 2011-03-14 08:23    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-30 09:58 . 2010-01-28 09:06    54832    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-11-30 09:58 . 2010-01-28 09:06    57672    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-30 09:58 . 2010-01-28 09:06    403440    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-11-30 09:58 . 2010-01-28 09:06    35656    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-30 09:58 . 2011-03-14 08:22    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-30 09:58 . 2010-01-28 09:06    269216    ----a-w-    c:\windows\system32\aswBoot.exe
2013-11-30 09:57 . 2012-04-11 13:31    26136    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2013-11-13 02:59 . 2007-08-02 12:00    150528    ------w-    c:\windows\system32\imagehlp.dll
2013-11-11 16:04 . 2013-11-11 16:04    64512    ----a-w-    c:\windows\system32\richtx32.oca
2013-11-11 16:04 . 2013-11-11 16:04    53248    ----a-w-    c:\windows\system32\COMCT232.oca
2013-11-11 16:04 . 2013-11-11 16:04    241152    ----a-w-    c:\windows\system32\COMCTL32.oca
2013-11-11 16:04 . 2013-11-11 16:04    36352    ----a-w-    c:\windows\system32\COMDLG32.oca
2013-11-11 16:04 . 2013-11-11 16:04    25600    ----a-w-    c:\windows\system32\MSCOMM32.oca
2013-11-07 05:38 . 2007-08-02 12:00    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:36 . 2008-05-05 05:25    7680    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:52 . 2007-08-02 12:00    1879040    ------w-    c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2007-08-02 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2007-08-02 12:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2007-08-02 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2007-08-02 12:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2007-08-02 12:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-23 23:45 . 2007-08-02 12:00    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2007-08-02 12:00    279552    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2007-08-02 12:00    287744    ----a-w-    c:\windows\system32\gdi32.dll
2012-07-19 09:21 . 2012-07-19 09:21    431888    ----a-r-    c:\programmi\File comuni\riched20.dll
2009-10-19 17:59 . 2013-12-20 14:28    47104    ----a-w-    c:\programmi\mozilla firefox\components\FFComm.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2013-12-27 15:15    752448    ----a-w-    c:\programmi\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\programmi\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2013-12-27 752448]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-30 09:58    321752    ----a-w-    c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20    64792    ----a-w-    c:\programmi\File comuni\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\giuseppe\Dati applicazioni\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\giuseppe\Dati applicazioni\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\giuseppe\Dati applicazioni\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\giuseppe\Dati applicazioni\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S7UB Start"="c:\programmi\File comuni\Siemens\S7ubtoox\s7ubtstx.exe" [2009-03-09 102453]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-03-20 198160]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SoundMan"="SOUNDMAN.EXE" [2002-02-05 46592]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-03 98304]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"AvastUI.exe"="c:\programmi\AVAST Software\Avast\AvastUI.exe" [2013-11-30 3568312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\giuseppe\Menu Avvio\Programmi\Esecuzione automatica\
Dropbox.lnk - c:\documents and settings\giuseppe\Dati applicazioni\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1255453234-431326629-4036974792-1014\Scripts\Logon\0\0]
"Script"=logon.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\File comuni\\Siemens\\SQLANY\\dbsrv9.exe"=
"c:\\CCStudio_v3.3\\cc\\bin\\TraceCntrl.exe"=
"c:\\CCStudio_v3.3\\cc\\bin\\cc_app.exe"=
"c:\\CCStudio_v3.3\\cc\\bin\\TraceServer.exe"=
"c:\\CCStudio_v3.3\\cc\\bin\\TraceCompMgr.exe"=
"c:\\OrCAD\\OrCAD_15.7\\updates.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsdoc.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsinfo.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsmps.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsMsgServer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsNameServer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsOaPathUtil.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsRemshClient.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsRunHidden.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsUnzip.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdswhich.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cdsZip.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\cds_root.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\clsAdminTool.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\clsbd.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\clu.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\dregprint.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\emsMkError.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\mpsinfo.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\msgHelp.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\nmp.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\nmppath.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\obServer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\switchversion.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\van.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\bin\\versionviewer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\capture.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\comp16.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\pcadi.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\pspiceexplorersrvr.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\pstswp.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\regsvr32.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\sch2cap.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\capture\\SETBROWS.EXE"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\cdsdoc\\bin\\obServer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\fet\\bin\\mkdefcfg.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\fet\\bin\\versiontool.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\java.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\javaw.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\jpicpl32.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\jucheck.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\jusched.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\keytool.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\kinit.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\klist.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\ktab.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\orbd.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\policytool.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\rmid.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\rmiregistry.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\servertool.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\bin\\tnameserv.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\jre\\javaws\\javaws.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\pspice\\pspiceexplorersrvr.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\bin\\cdsdocIndexer.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\bin\\merge.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\bin\\mkvdk.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\bin\\search.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\bin\\setup.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\bin\\v_uninst.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\callback.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\filter.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\htmlini.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\htmserv.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\index.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\jstree.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\jvtree.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\kvoop.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\regsvr32.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\summary.exe"=
"c:\\OrCAD\\OrCAD_15.7\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [14/03/2013 15.29.28 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [14/03/2013 15.29.29 178304]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [02/10/2010 7.54.33 26248]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [02/10/2010 7.54.45 20616]
R0 WinRoute;WinRoute;\SystemRoot\\SystemRoot\system32\drivers\winroute.sys --> \SystemRoot\\SystemRoot\system32\drivers\winroute.sys [?]
R1 actelsvc;actelsvc;c:\windows\system32\drivers\actelsvc.sys [25/02/2013 10.11.07 5120]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [11/04/2012 14.31.23 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [14/03/2011 9.23.26 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/01/2010 10.06.36 403440]
R1 iSafeNetFilter;iSafeNetFilter;\??\c:\programmi\iSafe\iSafeNetFilter.sys --> c:\programmi\iSafe\iSafeNetFilter.sys [?]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\programmi\IObit\Advanced SystemCare 7\ASCService.exe [05/11/2013 8.16.21 881440]
R2 almservice;Automation License Manager Service;c:\programmi\File comuni\Siemens\SWS\almsrv\almsrvx.exe [22/01/2009 1.19.02 1200128]
R2 altio;altio;c:\programmi\Altium Designer Summer 09\System\Drivers\altio.sys [31/05/2004 15.20.04 3200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/01/2010 10.06.36 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [14/03/2013 15.29.28 70384]
R2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [03/06/2008 7.40.03 1294336]
R2 cypjam;CypJam;c:\windows\system32\drivers\cypjam.sys [18/02/2011 10.27.33 10148]
R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [16/04/2009 12.39.52 266752]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [16/04/2009 12.42.12 28363]
R2 DriverX;DriverX;c:\windows\system32\drivers\DRIVERX.SYS [20/05/2009 17.51.26 234140]
R2 drpkiont;drpkiont;c:\windows\system32\drpkiont.sys [22/10/2004 5.57.40 3968]
R2 KvEnumSrv;Kvaser Network Enumerator Service;c:\programmi\Kvaser\Drivers\KvEnumSrv.exe [20/05/2013 20.13.16 176688]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [03/01/2014 11.24.28 418376]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [07/03/2011 9.46.36 35088]
R2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [16/10/2009 22.28.12 28080]
R2 s7asysvx;S7 Global Services;c:\programmi\Siemens\Step7\S7BIN\s7asysvx.exe [09/03/2009 23.46.28 69685]
R2 S7ODPX2X;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [27/03/2009 10.23.04 77312]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\programmi\File comuni\Siemens\S7IEPG\s7oiehsx.exe [27/03/2009 10.38.54 1576008]
R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [27/03/2009 10.24.02 31232]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [24/02/2009 17.39.58 73088]
R2 S7TraceServiceX;S7TraceServiceX;c:\programmi\File comuni\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [27/03/2009 10.38.56 240712]
R2 sdiont;sdiont;c:\windows\system32\drivers\Sdiont.sys [24/05/1999 18.25.18 4576]
R2 TeamViewer8;TeamViewer 8;c:\programmi\TeamViewer\Version8\TeamViewer_Service.exe [07/02/2013 14.33.23 5087584]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16.05.04 92008]
R2 vcanv;Virtual CAN Bus Driver;c:\windows\system32\drivers\vcanv.sys [23/10/2003 11.37.34 32912]
R2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [16/10/2009 22.28.22 9984]
R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [03/02/2009 18.43.40 115654]
R2 xdsfast1;XDSFast1_ISA_Bus_Driver;c:\windows\system32\xdsfast1.sys [22/10/2004 5.57.40 6112]
R3 AlertDrv;AlertDrv;c:\windows\system32\drivers\alertdrv.sys [21/04/2011 7.18.09 4211]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [02/10/2010 7.54.30 122504]
R3 kcanv;Kvaser Virtual CAN Driver;c:\windows\system32\drivers\kcanv.sys [09/09/2013 7.49.30 54064]
R3 kvnetenum;Kvaser Network Enumerator;c:\windows\system32\drivers\kvnetenum.sys [09/09/2013 7.49.31 27344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03/01/2014 11.24.26 22856]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [09/04/2008 8.28.44 80512]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [04/04/2008 6.30.00 70016]
R3 sdusb2em;SD USB Emulator (sdusb2em.sys);c:\windows\system32\drivers\sdusb2em.sys [17/05/2004 8.19.08 29568]
S2 0b39367f;GS.Supporter;c:\windows\system32\rundll32.exe [02/08/2007 13.00.00 33280]
S2 DXPNetworkSecurityService;Altium Designer Private License Server;c:\programmi\Altium Designer\DXPSecurityService.exe [28/07/2009 13.45.46 5709824]
S2 flagyuwr;Network Config;c:\windows\system32\svchost.exe -k netsvcs [02/08/2007 13.00.00 14336]
S2 FP3BLOADER;Actel FlashPro3 Firmware Loader;c:\windows\system32\DRIVERS\fp3bload.sys --> c:\windows\system32\DRIVERS\fp3bload.sys [?]
S2 kaawpyyf;Task Helper;c:\windows\system32\svchost.exe -k netsvcs [02/08/2007 13.00.00 14336]
S2 LiveUpdateSvc;LiveUpdate;c:\programmi\IObit\LiveUpdate\LiveUpdate.exe [05/11/2013 8.16.57 2151200]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [03/01/2014 11.24.28 701512]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 10.58.16 3275136]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 8.15.08 172192]
S2 WinRServ;Softex WinRoute Service;c:\programmi\Softex\Winroute\WinRServ.exe [02/06/2008 10.34.13 63920]
S2 wxcksov;System Boot;c:\windows\system32\svchost.exe -k netsvcs [02/08/2007 13.00.00 14336]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\DRIVERS\CyUsb.sys --> c:\windows\system32\DRIVERS\CyUsb.sys [?]
S3 E1USB;Renesas E-Series USB Driver;c:\windows\system32\drivers\E1usb.sys [02/06/2008 16.28.37 46976]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [02/10/2010 7.54.33 14216]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [26/07/2005 13.42.00 43968]
S3 kcanl;Kvaser Leaf Family Driver;c:\windows\system32\drivers\kcanl.sys [09/09/2013 7.49.29 233488]
S3 libusb0;LibUsb-Win32 - Kernel Driver v1.2.2.0;c:\windows\system32\drivers\libusb0.sys [23/11/2012 13.02.49 35008]
S3 lowcdc;Low-Speed CDC Transfer Interface;c:\windows\system32\drivers\lowcdc.sys [20/08/2012 15.43.04 6528]
S3 netSTICK_com;netSTICK_com;c:\windows\system32\drivers\netStick_com.sys [24/10/2011 10.52.10 61067]
S3 netSTICK_usb;netSTICK_usb;c:\windows\system32\drivers\netStick_usb.sys [24/10/2011 10.48.39 47249]
S3 PortTalk;PortTalk;c:\windows\system32\Drivers\PortTalk.sys --> c:\windows\system32\Drivers\PortTalk.sys [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [06/05/2011 12.51.34 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [06/05/2011 12.51.26 11104]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18/10/2002 1.34.14 30512]
S3 S7opciax;S7opciax;c:\windows\system32\drivers\S7opciax.sys [18/12/2003 14.18.24 215112]
S3 s7oupc2x;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [29/08/2007 18.24.06 12333]
S3 sdusbemu;SD USB Emulator (sdusbemu.sys);c:\windows\system32\drivers\sdusbemu.sys [02/06/2008 17.56.11 19843]
S3 umpusbvista;Texas Instruments USB Serial Driver;c:\windows\system32\drivers\umpusbvista.sys [20/05/2009 17.49.57 47744]
S3 vcanx;vcanx;c:\windows\system32\drivers\vcanx.sys [16/10/2009 7.56.20 134272]
S3 XDS560;Texas Instruments XDS560 Device Driver;c:\windows\system32\drivers\xds560.sys [22/10/2004 5.58.48 28296]
S3 XilinxFirmwareLoader;XilinxFirmwareLoader;c:\windows\system32\drivers\xusbdfwu.sys [10/06/2009 14.05.27 17280]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
kaawpyyf
wxcksov
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 08:44]
.
2013-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-01-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-12 09:58]
.
.
------- Scansione supplementare -------
.


uInternet Settings,ProxyServer = 192.168.10.13:8080
uInternet Settings,ProxyOverride = 192.168.*;<local>;*.local
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.10.100


FF - ProfilePath - c:\documents and settings\giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\w4ar6s00.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 192.168.10.13
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-12-03 09:13; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\programmi\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-12-27 17:15; ascsurfingprotection@iobit.com; c:\documents and settings\giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\w4ar6s00.default\extensions\ascsurfingprotection@iobit.com
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-DeinstKey - c:\programmi\Cypress\ISR Programming Software\Uninst.isu
AddRemove-GSD Editor 5.0 - c:\windows\IsUn0407.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-S-1992458010 - c:\documents and settings\all users\dati applicazioni\quickset\gs.enabler\gs.enabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-07 08:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
C:\avast! sandbox
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Ora fine scansione: 2014-01-07  08:31:32
ComboFix-quarantined-files.txt  2014-01-07 07:31
.
Pre-Run: 64.024.899.584 byte disponibili
Post-Run: 64.435.179.520 byte disponibili
.
- - End Of File - - 36C16F29F6E453A599CAF2A05C4AE62F
828E02D5C4A4FBE53441EE9DBEE51F43
 

  • 2 weeks later...
  • Staff

Hello miaooaim

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete, let me have the two reports and let me know how things are running.

Gringo
