safesurf virus problem

**zoniq** · 2010-09-15, 16:17

DDS (Ver_10-03-17.01) - NTFSX64
Run by zoniq at 16:13:55,36 on st 15. 09. 2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.4095.2810 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\zoniq\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files (x86)\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [YXE7DXCQ37] c:\windows\temp\Stm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\zoniq\appdata\roaming\mozilla\firefox\profiles\u8fwv41d.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files (x86)\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files (x86)\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-7-19 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-7-19 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-7-19 317520]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-19 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-19 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-2-19 1153368]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 12672]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-1-17 18816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-9-5 1436424]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2010-5-1 189664]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1255736]

=============== Created Last 30 ================

2010-09-15 13:49:48 0 d-----w- c:\users\zoniq\appdata\roaming\Malwarebytes
2010-09-15 13:49:23 0 d-----w- c:\programdata\Malwarebytes
2010-09-15 13:49:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-15 13:49:22 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-15 05:23:59 0 d-----w- C:\_OTL
2010-09-11 16:00:50 0 d--h--w- C:\$AVG
2010-09-11 15:59:55 0 d-----w- c:\program files (x86)\Runic Games
2010-09-11 15:50:09 0 d-----w- c:\users\zoniq\appdata\roaming\runic games
2010-09-10 17:20:12 0 d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 5
2010-09-08 17:36:34 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-09-08 17:36:30 0 d-----w- c:\program files\DivX
2010-09-08 17:36:19 0 d-----w- c:\program files (x86)\common files\DivX Shared
2010-09-08 17:35:56 0 d-----w- c:\program files (x86)\DivX
2010-09-08 17:35:35 0 d-----w- c:\programdata\DivX
2010-09-05 11:16:01 0 d-----w- c:\program files\common files\ChaosGroup
2010-09-05 11:15:59 0 d-----w- c:\program files\plugins
2010-09-05 11:15:59 0 d-----w- c:\program files\Chaos Group
2010-09-05 10:46:08 0 d-----w- c:\programdata\FLEXnet
2010-09-05 10:03:40 0 d-----w- c:\program files\common files\Macrovision Shared
2010-09-05 10:02:36 0 d-----w- c:\program files\common files\Autodesk Shared
2010-09-05 10:02:36 0 d-----w- c:\program files\Autodesk
2010-09-05 10:01:01 0 d-----w- c:\program files (x86)\common files\Autodesk Shared
2010-09-05 10:00:48 0 d-----w- c:\program files (x86)\Autodesk
2010-09-05 09:54:50 0 d-----w- c:\users\zoniq\appdata\roaming\Autodesk
2010-09-05 09:54:50 0 d-----w- c:\programdata\Autodesk
2010-09-02 14:45:16 0 d-----w- c:\program files (x86)\Microsoft
2010-09-02 14:45:01 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-09-02 14:44:39 0 d-----w- c:\windows\PCHEALTH
2010-09-02 14:44:25 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-09-02 14:37:57 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-09-02 14:36:24 0 d-----w- c:\programdata\NVIDIA Corporation
2010-08-27 16:50:21 0 d-----w- c:\program files (x86)\Team17
2010-08-25 14:55:40 0 d-----w- c:\program files (x86)\NVIDIA Corporation
2010-08-25 14:37:59 861184 ----a-w- c:\windows\system32\oleaut32.dll
2010-08-25 14:37:59 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-24 16:27:03 0 d-----w- c:\programdata\Stardock
2010-08-24 15:43:12 174080 ----a-w- c:\windows\system32\binkw32.dll
2010-08-24 15:43:08 174080 ----a-w- c:\windows\system\binkw32.dll
2010-08-24 15:18:18 0 d-----w- c:\windows\syswow64\webe
2010-08-24 14:38:48 0 d-----w- c:\program files (x86)\common files\Steam
2010-08-24 14:38:46 0 d-----w- c:\program files (x86)\Steam
2010-08-18 17:39:32 0 d-----w- c:\programdata\McAfee

==================== Find3M ====================

2010-08-15 20:32:18 817664 ----a-w- c:\windows\syswow64\Help64.exe
2010-08-02 17:27:53 312480 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-08-02 17:27:52 43168 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-07-29 15:43:16 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-29 15:43:16 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-29 15:43:16 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-29 15:43:16 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-25 07:39:58 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-19 20:13:57 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-19 20:13:57 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-19 20:13:56 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-07-19 20:13:53 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-07-09 14:27:02 159336 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 14:27:02 1585256 ----a-w- c:\windows\system32\nvsvc64.dll
2010-07-09 14:27:02 15314024 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 14:27:02 116328 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:53:18 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\syswow64\rtutils.dll
2010-06-19 04:32:34 3122688 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 16:14:40,16 ===============

Thread: safesurf virus problem

Thread Tools

Display

Threaded View

Posting Permissions