August 21st, 2012 17:00

Need help with log of ComboFix

Some time ago, my PC started to show some bad signs, like programs closing by themselves, sound stopping working, slow internet and videos freezing. I use ESET NOD32 Antivirus 4 and it didn't find anything; I also used CCleaner and nothing changed, so I decided to use ComboFix. I don't know how to interpret the log, so if someone could do it for me, I would like to know if it did find something and, if so, what I should do. Perhaps it's not a virus or spyware problem, so I need someone to analyze the log for me :)

Here is the log:

ComboFix 12-08-21.02 - Wilson 21/08/2012  19:43:04.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3327.2349 [GMT -3:00]
Executando de: C:\Users\Wilson\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Antes_e_Depois_da_Fama.html.exe
C:\ProgramData\autoconfig.log
C:\ProgramData\F0374A8BD7.sys
C:\ProgramData\FaveladoNaPraia.html.exe
C:\ProgramData\gbpsvs.dll
C:\programdata\Iexplorenet.exe
C:\ProgramData\ini.bat
C:\ProgramData\systoped.exe


(((((((((((((((( Arquivos/Ficheiros criados de 2012-07-21 to 2012-08-21 ))))))))))))))))))))))))))))


2012-08-21 22:47:37 . 2012-08-21 22:47:37 -------- d-----w- C:\Users\William\AppData\Local\temp
2012-08-21 22:47:37 . 2012-08-21 22:47:37 -------- d-----w- C:\Users\Public\AppData\Local\temp
2012-08-21 22:47:37 . 2012-08-21 22:47:37 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-21 15:17:03 . 2012-08-01 22:51:06 7023536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73215280-2AF3-417B-860B-2D30538C2F11}\mpengine.dll
2012-08-20 20:35:53 . 2012-08-20 20:44:32 -------- d-----w- C:\Program Files\Left4Dead
2012-08-20 00:40:40 . 2012-08-20 00:40:40 -------- d-----w- C:\Users\Wilson\AppData\Roaming\Malwarebytes
2012-08-20 00:40:33 . 2012-08-20 00:40:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-20 00:40:32 . 2012-08-20 00:40:35 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-20 00:40:32 . 2012-07-03 16:46:44 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-16 15:45:38 . 2012-08-16 15:45:38 -------- d-----w- C:\Program Files\Dxtory Software
2012-08-16 15:45:38 . 2011-05-24 02:23:52 3166720 ----a-w- C:\Windows\system32\DxtoryCodec.dll
2012-08-16 15:40:53 . 2012-08-16 15:45:39 -------- d-----w- C:\Users\Wilson\AppData\Local\Dxtory Software
2012-08-16 15:15:01 . 2012-07-18 17:47:53 2345984 ----a-w- C:\Windows\system32\win32k.sys
2012-08-16 15:15:00 . 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\system32\browcli.dll
2012-08-16 15:15:00 . 2012-07-04 21:14:34 102912 ----a-w- C:\Windows\system32\browser.dll
2012-08-16 15:14:58 . 2012-05-14 04:33:42 769024 ----a-w- C:\Windows\system32\localspl.dll
2012-08-12 18:30:19 . 2012-08-12 18:30:19 -------- d-----w- C:\Program Files\Tibia OTBR
2012-08-10 21:34:23 . 2012-08-10 21:34:23 -------- d-----w- C:\Program Files\Common Files\Skype
2012-08-06 21:44:36 . 2012-08-06 22:48:02 -------- d-----w- C:\Program Files\Eligium
2012-08-06 19:40:34 . 2012-08-06 19:40:34 -------- d-----w- C:\Users\Wilson\AppData\Local\IsolatedStorage
2012-08-06 19:40:34 . 2012-08-06 19:40:34 -------- d-----w- C:\temp
2012-08-06 19:40:31 . 2012-08-06 19:40:31 -------- d-----w- C:\Users\Wilson\AppData\Local\Level Up!
2012-08-06 19:40:31 . 2012-08-06 19:40:31 -------- d-----w- C:\ProgramData\levelup downloader
2012-08-01 15:48:16 . 2012-08-01 15:48:16 -------- d-----w- C:\Program Files\RTEQ
.


((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-15 15:33:07 . 2012-06-10 22:48:05 426184 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-08-15 15:33:07 . 2011-09-26 15:03:21 70344 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 23:59:42 . 2012-06-06 23:59:42 1070152 ----a-w- C:\Windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 . 2012-07-11 16:07:44 1390080 ----a-w- C:\Windows\system32\msxml6.dll
2012-06-06 05:05:52 . 2012-07-11 16:07:44 1236992 ----a-w- C:\Windows\system32\msxml3.dll
2012-06-06 05:03:06 . 2012-07-11 16:07:55 805376 ----a-w- C:\Windows\system32\cdosys.dll
2012-06-02 22:19:33 . 2012-06-21 09:46:37 53784 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:33 . 2012-06-21 09:46:37 45080 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:32 . 2012-06-21 09:46:27 35864 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:23 . 2012-06-21 09:46:27 577048 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:19:17 . 2012-06-21 09:46:37 1933848 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:12:32 . 2012-06-21 09:46:37 2422272 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:12:13 . 2012-06-21 09:46:27 88576 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-02 18:19:42 . 2012-06-21 09:46:03 171904 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 18:12:20 . 2012-06-21 09:46:03 33792 ----a-w- C:\Windows\system32\wuapp.exe
2012-06-02 04:45:04 . 2012-07-11 16:07:38 67440 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 . 2012-07-11 16:07:39 134000 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 . 2012-07-11 16:07:39 369336 ----a-w- C:\Windows\system32\drivers\cng.sys
2012-06-02 04:40:39 . 2012-07-11 16:07:38 225280 ----a-w- C:\Windows\system32\schannel.dll
2012-06-02 04:39:10 . 2012-07-11 16:07:39 219136 ----a-w- C:\Windows\system32\ncrypt.dll
2012-05-31 15:25:14 . 2011-08-30 22:59:30 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-05-30 23:55:01 . 2011-09-01 15:24:55 2516 --sha-w- C:\ProgramData\KGyGaAvL.sys


(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))


*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 23:07:04 2145000]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 14:07:54 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-08-08 14:22:50 1692960 ----a-w- C:\Program Files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Wilson^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RGSC - Atalho.lnk]
path=C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RGSC - Atalho.lnk
backup=C:\Windows\pss\RGSC - Atalho.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2012-02-02 15:55:22 3209216 ----a-w- C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-06-27 15:29:26 1996200 ----a-w- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 16:46:44 462920 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 21:50:28 4280184 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2008-11-14 17:35:36 305064 ----a-r- C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-20 19:28:13 1353080 ----a-w- C:\Program Files\Steam\Steam.exe

R2 SkypeUpdate;Skype Updater;C:\Program Files\Skype\Updater\Updater.exe
R3 1394hub;1394 Enabled Hub;C:\Windows\System32\svchost.exe
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe
S0 GbpKm;Gbp KernelMode;C:\Windows\system32\drivers\gbpkm.sys
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe
S2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys
S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
S2 regi;regi;C:\Windows\system32\drivers\regi.sys
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\system32\dllhost.exe
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys
S3 SymSnapService;SymSnapService;C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe


Conteúdo da pasta 'Tarefas Agendadas'

2012-08-21 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 22:48:06 . 2012-08-15 15:33:30]

2012-08-01 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1137951749-1888033764-1924211240-1001Core.job
- C:\Users\Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-01 23:39:50 . 2011-09-01 23:39:48]

2012-08-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1137951749-1888033764-1924211240-1001UA.job
- C:\Users\Wilson\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-01 23:39:50 . 2011-09-01 23:39:48]

2012-08-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1137951749-1888033764-1924211240-1004Core.job
- C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 19:50:19 . 2011-09-22 19:50:17]

2012-08-21 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1137951749-1888033764-1924211240-1004UA.job
- C:\Users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-22 19:50:19 . 2011-09-22 19:50:17]


------- Scan Suplementar -------

uStart Page = hxxp://www.google.com.br/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: com.cn\*.cga
Trusted Zone: ogdev.net
Trusted Zone: sdo.com

- - - - ORFÃOS REMOVIDOS - - - -

MSConfigStartUp-iexplorenet - C:\ProgramData\iexplorenet.exe
MSConfigStartUp-msns - C:\ProgramData\msns.exe
MSConfigStartUp-systoped - C:\ProgramData\systoped.exe



--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1137951749-1888033764-1924211240-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-1137951749-1888033764-1924211240-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-1137951749-1888033764-1924211240-1001\Software\SecuROM\License information*]
"datasecu"=hex:4a,44,70,ea,ae,08,33,23,4f,6a,8a,c5,18,b5,27,09,4e,a4,d6,2f,da,
5e,d9,ca,fa,bf,b5,bc,1b,23,e9,9a,0e,49,f6,0f,50,58,7f,8e,ea,6a,6b,9c,a9,3c,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(656)
C:\Program Files\GbPlugin\gbieh.dll

Tempo para conclusão: 2012-08-21 19:49:14
ComboFix-quarantined-files.txt 2012-08-21 22:49:13
ComboFix2.txt 2012-02-18 10:59:11

Pré-execução: 287.878.496.256 bytes disponíveis
Pós execução: 288.472.498.176 bytes disponíveis

- - End Of File - - F16F17F37D552A6A3E0F9C2E43C715CD
_____________
I would like to apologize for my bad English, and thanks for your help.
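The question above is how to read a ComboFix log. As an added example (not code from the poster, from ComboFix, or from this forum), the script below parses the three line shapes that appear in the log as posted here, namely bare paths in the deletion list, dated file-listing rows, and `"name"= value` entries under a registry key, and applies two defender-side triage heuristics: executables that carry a document-style double extension (`.html.exe`) or that sit directly in the `C:\ProgramData` root, and the UAC policy values from the `policies\system` block, which in this log are all set to 0. The sample input is constructed from lines copied out of the log in this thread; the flags it produces are review cues for a human analyst, not malware verdicts.

```python
import re
from typing import Dict, List

# Constructed sample: lines copied from the ComboFix log posted in this thread
# (the "Outras Exclusões" file list, two file-listing rows, and the
# policies\system registry block). No other data is assumed.
SAMPLE_LOG = r"""
C:\ProgramData\Antes_e_Depois_da_Fama.html.exe
C:\ProgramData\FaveladoNaPraia.html.exe
C:\ProgramData\gbpsvs.dll
C:\programdata\Iexplorenet.exe
C:\ProgramData\ini.bat
C:\ProgramData\systoped.exe

2012-08-20 00:40:32 . 2012-07-03 16:46:44 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-16 15:15:01 . 2012-07-18 17:47:53 2345984 ----a-w- C:\Windows\system32\win32k.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Dated listing row: "<created> . <modified> <size> <attributes> <path>"
LISTING_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>[A-Za-z]:\\.+)$")
BARE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_DWORD_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')

EXEC_EXT = {"exe", "dll", "sys", "scr", "com", "bat", "cmd", "pif"}
DOC_EXT = {"html", "htm", "pdf", "doc", "docx", "jpg", "jpeg", "png", "txt"}


def parse_file_entries(text: str) -> List[str]:
    """Collect file paths from bare-path lines and dated rows, skipping directories."""
    paths = []
    for line in text.splitlines():
        line = line.strip()
        m = LISTING_RE.match(line)
        if m:
            if not m.group("attrs").startswith("d"):  # "d-----w-" marks a directory
                paths.append(m.group("path"))
            continue
        m = BARE_PATH_RE.match(line)
        if m:
            paths.append(m.group("path"))
    return paths


def flag_paths(paths: List[str]) -> Dict[str, List[str]]:
    """Return paths worth a closer look, each with the heuristics it tripped."""
    findings: Dict[str, List[str]] = {}
    for path in paths:
        parent, _, name = path.rpartition("\\")
        parts = name.lower().split(".")
        reasons = []
        # "something.html.exe": an executable dressed up as a document
        if len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DOC_EXT:
            reasons.append("double extension")
        # Executable code directly under C:\ProgramData is unusual for legitimate software
        if parent.lower() == r"c:\programdata" and parts[-1] in EXEC_EXT:
            reasons.append("executable in ProgramData root")
        if reasons:
            findings[path] = reasons
    return findings


def parse_policy_values(text: str) -> Dict[str, int]:
    """Read DWORD values from the policies\\system block, where UAC is configured."""
    values: Dict[str, int] = {}
    in_block = False
    for line in text.splitlines():
        m = REG_KEY_RE.match(line.strip())
        if m:
            in_block = m.group("key").lower().endswith(r"policies\system")
            continue
        m = REG_DWORD_RE.match(line.strip())
        if in_block and m:
            values[m.group("name")] = int(m.group("value"))
    return values


def check_uac(values: Dict[str, int]) -> List[str]:
    # Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1
    findings = []
    if values.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, an admin user's processes all run fully elevated")
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate silently, no consent prompt")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated on the secure desktop")
    return findings


def triage(text: str) -> dict:
    return {"files": flag_paths(parse_file_entries(text)),
            "uac": check_uac(parse_policy_values(text))}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, reasons in report["files"].items():
        print(f"REVIEW {path}: {', '.join(reasons)}")
    for finding in report["uac"]:
        print(f"UAC    {finding}")
```

Run against the sample, every file ComboFix listed under "Outras Exclusões" trips at least one heuristic, the two `system32` rows trip none, and all three UAC checks fire. Those UAC values matter independently of whether the deleted files were malicious: with `EnableLUA=0` any program the user launches runs with full administrator rights, so the remediation advice for a machine like this normally includes restoring the UAC defaults after the cleanup.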

3 Apprentice


15.2K Posts

August 21st, 2012 17:00

Combofix comes with a disclaimer from its author --- that it is an extremely powerful tool, which should not be run except under the supervision of a malware-removal expert.

By running combofix, and other tools "haphazardly", it's possible you may have inflicted additional damage to your system

Be advised that one-on-one Malware Analysis/Removal is no longer done at the Dell Forums.

While I can't guarantee how they'll react to your use of combofix and other tools, my suggestion is that you should follow the directions at http://www.spywareinfoforum.com/index.php?showtopic=79038 to register and post the requested logs at SpywareInfoForum.com; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection. All help provided there is FREE. If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.
 
Good luck!

20.5K Posts

August 21st, 2012 18:00

Hi Alestorm,

Just to add to ky331's good advice, if you would prefer to post on a forum for Spanish language, there are trained helpers here: http://www.forospyware.com/

Good luck!
