
Thread: virtumonde problem

  1. #1
    Junior Member | Join Date: Sep 2008 | Posts: 2

    virtumonde problem

    I have a problem with virtumonde and virtumonde.prx. Spybot detects 2 virtumonde and 5 virtumonde.prx and removes them, but in the next 20 minutes or more I can't use Google or some other sites. Once again Spybot detects virtumonde and virtumonde.prx and removes them, but the problem occurs constantly.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:24:42, on 2008-09-01
    Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ASWLSVC.exe
    C:\WINDOWS\ATKKBService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\ASWL2K.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Miranda IM\miranda32.exe
    C:\Program Files\Azureus\Azureus.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\sndvol32.exe
    C:\Program Files\English Translator 3\ET.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.onet.pl/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [28c7b93a] rundll32.exe "C:\WINDOWS\system32\cetqunag.dll",b
    O4 - HKLM\..\Run: [BM2bf48aa6] Rundll32.exe "C:\WINDOWS\system32\ofeymdqo.dll",s
    O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1691] command /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3150] cmd /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5293] command /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8144] cmd /c del "C:\WINDOWS\system32\ofeymdqo.dll_old"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

    --
    End of file - 6549 bytes

  2. #2
    Junior Member | Join Date: Sep 2008 | Posts: 2

    ComboFix 08-08-31.01 - SNC 2008-09-01 20:29:51.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.620 [GMT 2:00]
    Running from: C:\Documents and Settings\SNC\Pulpit\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\bin.clearspring.com
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\interclick.com
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\#SharedObjects\GKBQV8VY\interclick.com\ud.sol
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\SNC\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\test.txt
    C:\WINDOWS\BM2bf48aa6.txt
    C:\WINDOWS\BM2bf48aa6.xml
    C:\WINDOWS\system32\aeijppsn.ini
    C:\WINDOWS\system32\arkovmeb.dll
    C:\WINDOWS\system32\bemvokra.ini
    C:\WINDOWS\system32\bilcbqbw.exe
    C:\WINDOWS\system32\bnwqhiyy.ini
    C:\WINDOWS\system32\byXPHaAr.dll
    C:\WINDOWS\system32\ccpfeclb.ini
    C:\WINDOWS\system32\cetqunag.dll
    C:\WINDOWS\system32\egsusffo.exe
    C:\WINDOWS\system32\eicjadxm.ini
    C:\WINDOWS\system32\fkkmemwl.exe
    C:\WINDOWS\system32\ganuqtec.ini
    C:\WINDOWS\system32\ggdpgdps.ini
    C:\WINDOWS\system32\iyxdprgl.ini
    C:\WINDOWS\system32\kchhluth.exe
    C:\WINDOWS\system32\mdm.exe
    C:\WINDOWS\system32\nsppjiea.dll
    C:\WINDOWS\system32\oouqvxpj.ini
    C:\WINDOWS\system32\oxdbkxpw.ini
    C:\WINDOWS\system32\plugin1.dat
    C:\WINDOWS\system32\rAaHPXyb.ini
    C:\WINDOWS\system32\rAaHPXyb.ini2
    C:\WINDOWS\system32\rmaexaep.ini
    C:\WINDOWS\system32\vtnmugql.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
    .

    2008-09-01 18:35 . 2008-09-01 18:35 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-31 21:35 . 2008-08-31 21:42 <DIR> d-------- C:\Program Files\Phun
    2008-08-31 21:02 . 2008-08-31 21:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
    2008-08-31 16:27 . 2006-10-14 05:09 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
    2008-08-31 16:27 . 2008-08-31 16:27 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-08-26 18:40 . 2008-08-27 15:16 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-08-26 16:39 . 2008-09-01 14:15 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-08-26 16:39 . 2008-08-26 16:39 <DIR> d-------- C:\Program Files\AVG
    2008-08-26 16:39 . 2008-08-26 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\avg8
    2008-08-26 16:39 . 2008-08-30 14:00 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-08-26 16:39 . 2008-08-26 16:39 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-08-26 16:39 . 2008-08-26 16:39 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-08-23 17:23 . 2008-08-31 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
    2008-08-23 15:02 . 2008-08-23 15:02 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
    2008-08-23 01:20 . 2008-08-23 01:20 <DIR> d-------- C:\Program Files\Microids
    2008-08-22 23:43 . 2008-08-22 23:45 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-08-16 13:28 . 2008-08-16 13:28 <DIR> d-------- C:\Program Files\xp-AntiSpy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-01 18:19 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\Azureus
    2008-09-01 18:18 --------- d-----w C:\Program Files\English Translator 3
    2008-08-28 23:53 --------- d-----w C:\Program Files\eMule
    2008-08-23 15:23 --------- d-----w C:\Program Files\Lavasoft
    2008-08-23 15:23 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\Lavasoft
    2008-08-23 15:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
    2008-08-23 13:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-23 11:40 --------- d-----w C:\Program Files\iPlus
    2008-08-23 11:40 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\iPlus
    2008-08-21 19:27 --------- d-----w C:\Program Files\FlashGet
    2008-08-20 12:44 --------- d-----w C:\Program Files\Opera
    2008-08-18 01:08 --------- d-----w C:\Program Files\Fraps
    2008-08-17 23:51 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
    2008-08-17 23:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-08-16 11:30 --------- d-----w C:\Program Files\Azureus
    2008-08-16 11:28 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-07-22 21:47 --------- d-----w C:\Program Files\SpeedFan
    2008-07-22 11:19 --------- d-----w C:\Program Files\Miranda IM
    2008-07-11 19:53 --------- d-----w C:\Documents and Settings\SNC\Dane aplikacji\OpenOffice.org2
    2008-07-11 19:49 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-06-09 18:52 49,720 ----a-w C:\Documents and Settings\SNC\Dane aplikacji\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    2008-08-16 13:28 359040 28f288e08a098df3c0eb6aa813bb41fd C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-08-16 13:28 359040 28f288e08a098df3c0eb6aa813bb41fd C:\WINDOWS\system32\drivers\tcpip.sys

    2004-08-03 23:44 1033728 8adb319f83f32495b27b79b3cf391e0d C:\WINDOWS\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-23 13:27 7286784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-03 23:44 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    --a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]
    --a------ 2008-05-30 14:26 409600 C:\Program Files\iPlus\iPlusChecker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-08-04 01:55 1667584 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 17:40 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-09-01 16:57 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2005-01-12 04:01 32768 C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    --------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
    --a------ 2006-05-24 20:31 1372160 C:\Program Files\TGTSoft\StyleXP\StyleXP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    --a--c--- 2005-08-19 05:07 737369 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2005-07-22 10:00 81920 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Miranda IM\\miranda32.exe"=
    "C:\\Program Files\\Soulseek\\slsk.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-30 14:00]
    R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 14:00]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 14:00]
    R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-26 16:39]
    R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 20:54]
    R3 GTEDGWModem;Option NV GTEDGWModem;C:\WINDOWS\system32\DRIVERS\GTEDG.sys [2006-02-24 15:55]
    R3 OptionWWSC;GT EDGE SIM Card Reader;C:\WINDOWS\system32\DRIVERS\GTEDGSC.sys [2006-02-24 15:55]
    R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-10-03 11:26]
    R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-10-03 11:26]
    S1 tvtool;tvtool;C:\Program Files\TVTool\tvtool.sys [1996-04-03 20:33]
    S3 GTEDGWWNIC;Option NV GTEDGWWNIC;C:\WINDOWS\system32\DRIVERS\GTEDGNet.sys [2006-02-24 15:55]
    S3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 09:50]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 00:10]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
    S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
    S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
    S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
    S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
    S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
    S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
    S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe [2007-09-05 09:59]
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 07:01]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04e02a12-a682-11dc-9780-0018f33c6e03}]
    \Shell\AutoRun\command - d.com
    \Shell\explore\Command - d.com
    \Shell\open\Command - d.com
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-28c7b93a - C:\WINDOWS\system32\cetqunag.dll
    HKLM-Run-BM2bf48aa6 - C:\WINDOWS\system32\ofeymdqo.dll
    Notify-vtUlLFwX - vtUlLFwX.dll
    MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    MSConfigStartUp-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe
    MSConfigStartUp-EdHTML - C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe
    MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\SNC\Dane aplikacji\Mozilla\Firefox\Profiles\7pmdrgiu.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-01 20:38:10
    Windows 5.1.2600 Dodatek Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ASWLSVC.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\ASWL2K.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-01 20:44:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-01 18:43:48

    Pre-Run: 2,636,247,040 bajtów wolnych
    Post-Run: 3,030,466,560 bajtów wolnych

    232
    ------------------------------------

    Do NOT run 'FIXES' before helpers have analyzed HJT log
    File Sharing, otherwise known as Peer To Peer. (P2P)
    Last edited by tashi; 2008-09-02 at 00:00. Reason: Mod: FYI links
