Cannot access Antivirus Sites/Google/Avast etc.

Old 02-04-2009, 07:57 PM   #571
Newbie
 
Join Date: Apr 2009
Age: 19
Posts: 2


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Hey guys, I have the same issue with not being able to enter any antivirus pages, Microsoft, and sometimes my computer starts running very slow and eventually freezes up (don't know if those are happening from the same issues). Anyway, I did read through most posts, did ComboFix, checked hosts file etc., made a HJT log, but still the problem is there. I'll post my results, maybe you will find something I didn't see.

HJT results:

Code:
Logfile of HijackThis v1.99.1
Scan saved at 15:24, on 2009-04-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Logitech\SetPoint\SetPoint.exe
C:\Programmer\Fælles filer\Logitech\KhalShared\KHALMNPR.EXE
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "d:\spil\steam\steam.exe" -silent
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmer\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1233968389796
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/.../en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Programmer\Fælles filer\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Programmer\Creative\Shared Files\CTAudSvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Programmer\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Latest Combofix:

Code:
ComboFix 09-03-31.01 - Lasse K 2009-04-02 14:48:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.2814.2363 [GMT 2:00]
Kører fra: c:\documents and settings\Lasse K\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Lasse K\Skrivebord\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Dannede nyt systemgendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige Kørsel -------
.
c:\documents and settings\Lasse K\Menuen Start\Programmer\Start\lsass.exe
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-02 til 2009-04-02 )))))))))))))))))))))))))))))))))))
.
2009-04-01 01:59 . 2009-04-01 01:59 <DIR> d-------- C:\!KillBox
2009-04-01 01:45 . 2009-04-01 01:46 <DIR> d-------- c:\programmer\Spybot - Search & Destroy
2009-04-01 01:45 . 2009-04-01 01:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-01 01:24 . 2009-04-01 01:24 4,706 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-04-01 01:20 . 2009-04-01 01:20 <DIR> d-------- c:\programmer\AskBarDis
2009-04-01 01:10 . 2009-04-01 01:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-04-01 00:57 . 2009-04-01 01:20 <DIR> d-------- c:\programmer\Opera
2009-04-01 00:21 . 2009-04-01 01:20 <DIR> d-------- c:\programmer\Malwarebytes' Anti-Malware
2009-04-01 00:21 . 2009-04-01 00:21 <DIR> d-------- c:\documents and settings\Lasse K\Application Data\Malwarebytes
2009-04-01 00:21 . 2009-04-01 00:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 02:54 . 2008-04-14 18:05 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\programmer\iTunes
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\programmer\iPod
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\programmer\Bonjour
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\documents and settings\Lasse K\Application Data\Apple Computer
2009-03-12 01:48 . 2009-03-12 01:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-12 01:48 . 2008-04-17 14:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-12 01:48 . 2008-04-17 14:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-12 01:47 . 2009-03-12 01:48 <DIR> d-------- c:\programmer\QuickTime
2009-03-12 01:47 . 2009-03-12 01:48 <DIR> d-------- c:\programmer\Fælles filer\Apple
2009-03-12 01:47 . 2009-03-12 01:47 <DIR> d-------- c:\programmer\Apple Software Update
2009-03-12 01:47 . 2009-03-12 01:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-12 01:47 . 2009-03-12 01:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-11 19:25 . 2009-03-11 19:33 139,264 --a------ c:\windows\War3Unin.exe
2009-03-11 19:25 . 2009-03-11 21:32 64,821 --a------ c:\windows\War3Unin.dat
2009-03-11 19:25 . 2009-03-11 19:33 2,829 --a------ c:\windows\War3Unin.pif
2009-03-07 20:23 . 2009-03-21 20:18 <DIR> d-------- c:\documents and settings\Lasse K\Application Data\FrostWire
2009-03-07 20:22 . 2009-03-07 20:22 <DIR> d-------- c:\programmer\Java
2009-03-07 20:22 . 2009-03-07 20:22 <DIR> d-------- c:\programmer\Fælles filer\Java
2009-03-07 20:22 . 2008-06-10 03:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-07 20:21 . 2009-03-13 18:13 <DIR> d-------- c:\programmer\FrostWire
2009-03-06 20:07 . 2009-03-06 20:08 <DIR> d-------- c:\programmer\Windows Live
2009-03-06 20:07 . 2009-03-06 20:07 <DIR> d-------- c:\programmer\Microsoft
2009-03-04 21:03 . 2009-03-04 21:03 <DIR> d-------- c:\documents and settings\Lasse K\Application Data\The Creative Assembly
2009-03-03 17:13 . 2009-03-04 02:06 <DIR> d-------- c:\programmer\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 12:46 --------- d-----w c:\documents and settings\Lasse K\Application Data\Skype
2009-04-02 12:16 --------- d-----w c:\documents and settings\Lasse K\Application Data\skypePM
2009-04-01 23:34 --------- d-----w c:\documents and settings\Lasse K\Application Data\uTorrent
2009-03-12 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-28 19:30 --------- d-----w c:\programmer\Teamspeak2_RC2
2009-02-28 19:30 --------- d-----w c:\documents and settings\Lasse K\Application Data\teamspeak2
2009-02-21 17:20 --------- d-----w c:\programmer\Windows Live SkyDrive
2009-02-21 17:16 --------- d-----w c:\programmer\Fælles filer\Windows Live
2009-02-18 14:40 --------- d-----w c:\programmer\MSBuild
2009-02-18 14:40 --------- d-----w c:\programmer\Microsoft Works
2009-02-18 14:39 --------- d-----w c:\programmer\Microsoft.NET
2009-02-18 14:38 --------- d-----w c:\programmer\Microsoft Visual Studio 8
2009-02-17 16:59 --------- d-----w c:\programmer\Fælles filer\Skype
2009-02-17 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-17 16:59 --------- d-----r c:\programmer\Skype
2009-02-16 15:05 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-02-15 20:00 --------- d-----w c:\documents and settings\Lasse K\Application Data\Ventrilo
2009-02-15 13:45 --------- d-----w c:\programmer\NOS
2009-02-15 01:10 --------- d-----w c:\programmer\Fælles filer\Adobe
2009-02-13 02:20 --------- d-----w c:\programmer\uTorrent
2009-02-12 19:15 --------- d-----w c:\documents and settings\Lasse K\Application Data\Logitech
2009-02-12 19:15 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-02-12 19:14 --------- d-----w c:\programmer\Fælles filer\Logitech
2009-02-12 18:58 --------- d-----w c:\programmer\Fælles filer\Logishrd
2009-02-12 03:09 --------- d-----w c:\programmer\Ventrilo
2009-02-12 03:08 --------- d-----w c:\programmer\Fælles filer\Wise Installation Wizard
2009-02-11 14:52 --------- d-----w c:\programmer\Fælles filer\Blizzard Entertainment
2009-02-11 03:38 --------- d-----w c:\programmer\Fælles filer\InstallShield
2009-02-11 01:55 --------- d-----w c:\programmer\DAEMON Tools
2009-02-11 01:53 646,392 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-09 14:07 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:16 --------- d-----w c:\programmer\Windows Media Connect 2
2009-02-08 12:23 --------- d-----w c:\documents and settings\Lasse K\Application Data\dvdcss
2009-02-07 15:00 --------- d-----w c:\programmer\Reference Assemblies
2009-02-07 14:51 --------- d-----w c:\documents and settings\Lasse K\Application Data\vlc
2009-02-07 14:50 86,016 ----a-w c:\windows\system32\OpenAL32.dll
2009-02-07 14:49 --------- d--h--w c:\programmer\InstallShield Installation Information
2009-02-07 14:49 --------- d-----w c:\programmer\Futuremark
2009-02-07 14:45 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2009-02-07 03:27 --------- d-----w c:\programmer\VideoLAN
2009-02-07 03:13 444,952 ----a-w c:\windows\system32\wrap_oal.dll
2009-02-07 03:13 --------- d-----w c:\programmer\OpenAL
2009-02-07 03:12 --------- d-----w c:\programmer\Fælles filer\Creative Labs Shared
2009-02-07 03:12 --------- d-----w c:\programmer\Creative
2009-02-07 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-07 02:50 --------- d-----w c:\programmer\AGEIA Technologies
2009-02-07 02:26 --------- d-----w c:\documents and settings\Lasse K\Application Data\Creative
2009-02-07 00:57 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-02-07 00:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-02-07 00:57 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-02-07 00:57 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-02-07 00:56 --------- d-----w c:\programmer\Logitech
2009-02-07 00:56 --------- d-----w c:\documents and settings\Lasse K\Application Data\InstallShield
2009-02-07 00:49 --------- d-----w c:\programmer\NVIDIA Corporation
2009-02-07 00:38 --------- d-----w c:\programmer\microsoft frontpage
2009-02-07 00:36 --------- d-----w c:\programmer\Onlinetjenester
2009-02-07 00:36 --------- d-----w c:\programmer\Fælles filer\Tjenester
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-04-14 16:05 93,440 --sha-r c:\windows\system32\jpvsm.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmer\AskBarDis\bar\bin\askBar.dll" [BU]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools"="c:\programmer\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="d:\spil\steam\steam.exe" [2009-03-04 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-08 c:\windows\system32\Ctxfihlp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Logitech SetPoint.lnk - c:\programmer\Logitech\SetPoint\SetPoint.exe [2009-02-12 692224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Spil\\UT2004\\System\\UT2004.exe"=
"d:\\Spil\\Zero Hour\\game.dat"=
"d:\\Spil\\World of Warcraft TBC\\WoW-3.0.8.9506-to-3.0.9.9551-enGB-downloader.exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\uTorrent\\utorrent.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\FrostWire\\FrostWire.exe"=
"d:\\Spil\\Warcraft 3\\Warcraft III.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"d:\\Spil\\World of Warcraft TBC\\BackgroundDownloader.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"d:\\Spil\\Steam\\steamapps\\tst_snapper\\counter-strike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"2134:TCP"= 2134:TCP:tnejgsfl
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
S2 rcvzqh;Boot Shell;c:\windows\system32\svchost.exe -k netsvcs [2003-04-25 14336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmer\Fælles filer\Creative Labs Shared\Service\CTAELicensing.exe [2009-02-07 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rcvzqh
.
Indhold af mappen 'Planlagte Opgaver'
2009-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
2009-03-31 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe []
2009-04-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe []
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 14:49:07
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ... 
scanner skjulte autostarter ... 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE? 
scanner skjulte filer ... 
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcvzqh]
"ServiceDll"="c:\windows\system32\jpvsm.dll"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'lsass.exe'(796)
c:\windows\system32\nvLsp.dll
.
Gennemført tid: 2009-04-02 14:49:44
ComboFix-quarantined-files.txt 2009-04-02 12:49:42
ComboFix2.txt 2009-04-01 00:25:06
ComboFix3.txt 2009-03-31 23:54:08
ComboFix4.txt 2009-03-31 23:37:46
Pre-Kørsel: 19,646,558,208 byte ledig
Post-Kørsel: 19,913,162,752 byte ledig
221 --- E O F --- 2009-03-13 00:01:38
Hosts file is clean, and I did disable the Restore Windows Recovery, disabled LAN, and did a DNS flush.

As I said, I might have done something wrong, hope you can see where.

Some sentences might be in Danish, ask if you need them translated!

Regards

Last edited by bakuryu; 03-04-2009 at 01:01 AM..
Posted by Snapper
Old 03-04-2009, 01:18 AM   #572
ƒ(ψ)=Θº×φ
 
 
Join Date: May 2006
Location: India
Age: 23
Posts: 6,621


OS: Windows XP Windows Vista Windows 7


Re: Cannot access Antivirus Sites/Google/Avast etc.

Open notepad and copy+paste the following text and save the file as CFScript.txt in the same directory where combofix is present. Then drag and drop the CFScript.txt file over combofix, and combofix should delete those files.

Code:
File::
c:\windows\system32\jpvsm.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcvzqh]
Open regedit.exe and manually go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

Find the value named netsvcs, double-click to edit it, find the line containing rcvzqh and delete only that line, click OK and close the edit window.

Open a command prompt and type:
Code:
netsh firewall set portopening protocol=TCP port=2134 mode=DISABLE profile=ALL
Posted by bakuryu
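The three indicators that bakuryu's fix targets can be pulled out of a ComboFix log mechanically instead of by eye: a service with a nonsense name registered in the netsvcs svchost group, its ServiceDll pointing at a DLL in system32 that carries the hidden+system attributes, and a firewall port opening whose label looks machine-generated. The Python script below is an added example written for this thread; it is not part of ComboFix, HijackThis or anything posted above. It runs those checks over a few constructed lines laid out the way Snapper's log prints them, and the netsvcs baseline it uses is an illustrative subset, not an authoritative list.

```python
import re
from collections import namedtuple

# Constructed sample in the shape ComboFix prints its service list, the
# Services\<name> ServiceDll value, the firewall GloballyOpenPorts list and
# the Find3M file report.  The values mirror the log posted in this thread;
# this is not output captured from any machine.
SAMPLE_LOG = r"""
S2 rcvzqh;Boot Shell;c:\windows\system32\svchost.exe -k netsvcs [2003-04-25 14336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programmer\Fælles filer\Creative Labs Shared\Service\CTAELicensing.exe [2009-02-07 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rcvzqh]
"ServiceDll"="c:\windows\system32\jpvsm.dll"
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"2134:TCP"= 2134:TCP:tnejgsfl
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-04-14 16:05 93,440 --sha-r c:\windows\system32\jpvsm.dll
"""

# Illustrative subset of the service names Windows XP itself registers in the
# netsvcs svchost group.  Replace it with a baseline exported from a known-clean
# machine of the same Windows version before relying on the result.
KNOWN_NETSVCS = {s.lower() for s in (
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "ERSvc",
    "EventSystem", "helpsvc", "LanmanServer", "LanmanWorkstation", "Netman",
    "Nla", "RasMan", "Schedule", "seclogon", "SENS", "SharedAccess",
    "ShellHWDetection", "Themes", "TrkWks", "W32Time", "winmgmt", "wscsvc",
    "wuauserv", "WZCSVC", "xmlprov",
)}

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.+?)\s+\[[^\]]*\]$")
SERVICES_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="(.+)"$', re.I)
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+[\d,]+\s+(\S+)\s+(.+)$")

Finding = namedtuple("Finding", "kind subject detail")


def looks_random(name):
    """Heuristic: a single lowercase alphabetic token with almost no vowels."""
    if len(name) < 5 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(ch in "aeiouy" for ch in name)
    return vowels / len(name) <= 0.2


def analyze(log_text):
    """Return Findings for unknown netsvcs services and odd firewall openings."""
    findings, unknown, dlls, hidden, key = [], {}, {}, set(), None
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            name, display, image = m.groups()
            if "svchost.exe -k netsvcs" in image.lower() and name.lower() not in KNOWN_NETSVCS:
                unknown[name.lower()] = display
        elif m := SERVICES_KEY_RE.match(line):
            key = m.group(1).lower()          # the ServiceDll line that follows belongs to this service
        elif (m := SERVICEDLL_RE.match(line)) and key:
            dlls[key] = m.group(1).lower()
        elif m := PORT_RE.match(line):
            port, proto, label = m.groups()
            if looks_random(label.strip()):
                findings.append(Finding("port", f"{port}/{proto}",
                                        f"opening labelled '{label.strip()}' looks machine-generated"))
        elif m := FILE_RE.match(line):
            attrs, path = m.groups()
            if "h" in attrs and "s" in attrs:  # hidden + system attributes set
                hidden.add(path.lower())
    for name, display in unknown.items():
        detail = f"'{display}' is not in the netsvcs baseline"
        if dll := dlls.get(name):
            detail += f"; ServiceDll={dll}"
            if dll in hidden:
                detail += " (hidden+system file)"
        if looks_random(name):
            detail += "; service name looks machine-generated"
        findings.append(Finding("service", name, detail))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

To use it on a real case, read the saved ComboFix.txt into analyze() in place of SAMPLE_LOG. The baseline check is the part that does the work; the vowel heuristic only adds a hint, since a legitimate vendor service with a terse name will trip it, so every finding still needs a human to confirm it before anything is deleted.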
Old 03-04-2009, 01:54 AM   #573
Newbie
 
Join Date: Apr 2009
Age: 19
Posts: 2


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Quote:
Originally Posted by bakuryu
Open a command prompt and type:
Code:
netsh firewall set portopening protocol=TCP port=2134 mode=DISABLE profile=ALL

How do you do this? What is command prompt?
Posted by Snapper
Old 03-04-2009, 08:06 AM   #574
Junior Member (25+)
 
Join Date: Mar 2009
Age: 22
Posts: 57


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Snapper,

Start > Run and type in cmd then press Enter.
Posted by MihaiS
Old 03-04-2009, 07:27 PM   #575
Junior Member (25+)
 
Join Date: Mar 2009
Posts: 31


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Quote:
Originally Posted by bakuryu
@sandman ::

Open notepad and copy+paste the following text and save the file as CFScript.txt in the same directory where combofix is present. Then drag and drop the CFScript.txt file over combofix, and combofix should delete those files.

Code:
File::
c:\windows\system32\qeubswuf.dll
c:\windows\system32\drivers\cdaudio.sys
Download and run Autoruns, wait for the scanning to complete, go to the Logon tab and find if any entry is there for c:\WINDOWS\SYSTEM32\pqhxenye.dll, uncheck it and reboot.

I didn't see c:\WINDOWS\SYSTEM32\pqhxenye.dll in Autoruns. If ever AVG finds another malware that it can't delete/vault, can I use the same method that we did there with ComboFix to fix it?
Posted by sandman
Old 03-04-2009, 08:28 PM   #576
Newbie
 
Join Date: Apr 2009
Posts: 2


OS: Windows XP


Re: Cannot access Antivirus Sites/Google/Avast etc.

Hey ppl, I am facing the same issue. I am posting logs from both HJT and ComboFix.

Please help.


HJT LOG:


Code:
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\VTTimer.exe
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\explorer.exe
D:\Program Files\eLitecore\Cyberoam Client for 24Online\CyberoamClient.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Rahul Mohandas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = India News | Indian Business, Finance News | Sports: Cricket India | Bollywood, Tamil, Telugu Movies | Astrology, Indian Recipes
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A211AAA6-01DA-4811-8D8F-8A3FEAC4E2AE}: NameServer = 202.179.76.245,202.71.136.67
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



ComboFix logs:

.
Code:
(((((((((((((((((((((((((   Files Created from 2009-03-03 to 2009-04-03  )))))))))))))))))))))))))))))))
.

2009-04-03 12:09 . 2009-04-03 12:09    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\Simply Super Software
2009-04-03 12:09 . 2009-04-03 12:09    <DIR>    d--------    d:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-03 12:09 . 2006-05-25 15:52    162,304    --a------    d:\windows\system32\ztvunrar36.dll
2009-04-03 12:09 . 2003-02-02 20:06    153,088    --a------    d:\windows\system32\unrar3.dll
2009-04-03 12:09 . 2005-08-26 01:50    77,312    --a------    d:\windows\system32\ztvunace26.dll
2009-04-03 12:09 . 2002-03-06 01:00    75,264    --a------    d:\windows\system32\unacev2.dll
2009-04-03 12:09 . 2006-06-19 13:01    69,632    --a------    d:\windows\system32\ztvcabinet.dll
2009-04-03 11:24 . 2009-04-03 11:24    <DIR>    d--------    d:\program files\CCleaner
2009-04-02 23:06 . 2009-04-03 13:07    <DIR>    d--h-----    D:\$AVG8.VAULT$
2009-04-02 23:00 . 2009-04-02 23:00    <DIR>    d--------    d:\windows\system32\drivers\Avg
2009-04-02 23:00 . 2009-04-03 00:22    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\AVGTOOLBAR
2009-04-02 23:00 . 2009-04-03 12:34    324,872    --a------    d:\windows\system32\drivers\avgldx86.sys
2009-04-02 23:00 . 2009-04-03 12:35    107,272    --a------    d:\windows\system32\drivers\avgtdix.sys
2009-04-02 23:00 . 2009-04-03 12:34    12,552    --a------    d:\windows\system32\drivers\avgrkx86.sys
2009-04-02 23:00 . 2009-04-03 12:35    10,520    --a------    d:\windows\system32\avgrsstx.dll
2009-04-02 22:59 . 2009-04-02 22:59    <DIR>    d--------    d:\program files\AVG
2009-04-02 22:59 . 2009-04-03 12:34    <DIR>    d--------    d:\documents and settings\All Users\Application Data\avg8
2009-04-01 03:21 . 2009-04-01 03:27    <DIR>    d--------    d:\program files\Gabest
2009-03-27 02:20 . 2009-03-27 02:20    3,072    --ahs----    D:\Thumbs.db
2009-03-17 21:35 . 2009-04-03 18:10    7,680    --ahs----    d:\windows\Thumbs.db
2009-03-16 08:33 . 2009-03-16 08:33    <DIR>    d--------    d:\windows\system32\logs
2009-03-14 21:59 . 2009-03-14 21:59    <DIR>    d--------    d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-14 21:58 . 2009-04-01 23:41    <DIR>    d--------    d:\program files\SUPERAntiSpyware
2009-03-14 21:58 . 2009-04-01 23:41    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\SUPERAntiSpyware.com
2009-03-14 20:18 . 2009-03-14 20:18    <DIR>    d--------    d:\program files\Trend Micro
2009-03-14 15:56 . 2009-03-16 19:22    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\dvdcss
2009-03-14 12:37 . 2009-03-14 12:37    <DIR>    d--------    d:\program files\Malwarebytes' Anti-Malware
2009-03-14 12:37 . 2009-03-14 12:37    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\Malwarebytes
2009-03-14 12:37 . 2009-03-14 12:37    <DIR>    d--------    d:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 12:37 . 2009-02-11 10:19    38,496    --a------    d:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 12:37 . 2009-02-11 10:19    15,504    --a------    d:\windows\system32\drivers\mbam.sys
2009-03-14 12:12 . 2009-03-14 12:12    577,024    --a--c---    d:\windows\system32\dllcache\user32.dll
2009-03-14 12:11 . 2009-03-14 12:11    <DIR>    d--------    d:\windows\ERUNT
2009-03-14 12:01 . 2009-03-14 12:25    <DIR>    d--------    D:\SDFix
2009-03-14 11:40 . 2009-04-02 22:51    <DIR>    d--------    d:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-14 11:36 . 2009-04-02 22:58    <DIR>    d--------    d:\program files\McAfee
2009-03-14 11:35 . 2009-04-02 22:58    <DIR>    d--------    d:\documents and settings\All Users\Application Data\McAfee
2009-03-10 23:20 . 2009-03-10 23:20    <DIR>    d--------    d:\program files\enable Tuner
2009-03-10 22:56 . 2009-03-10 22:56    <DIR>    d--------    d:\program files\Guitar Pro 5
2009-03-09 20:16 . 2009-03-09 20:16    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\Codemasters
2009-03-09 20:14 . 2009-03-09 20:14    <DIR>    d----c---    d:\windows\system32\DRVSTORE
2009-03-09 20:14 . 2009-03-09 20:14    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\InstallShield
2009-03-09 20:14 . 2009-03-09 20:14    <DIR>    d--------    d:\documents and settings\All Users\Application Data\InstallShield
2009-03-09 20:13 . 2009-03-09 20:13    <DIR>    d--------    d:\windows\system32\AGEIA
2009-03-09 20:13 . 2009-03-09 20:13    <DIR>    d--------    d:\program files\AGEIA Technologies
2009-03-09 20:12 . 2009-04-01 23:41    <DIR>    d--------    d:\program files\Common Files\Wise Installation Wizard
2009-03-09 20:08 . 2007-04-27 11:12    78,784    --a------    d:\windows\system32\ISUSPM.cpl
2009-03-09 20:00 . 2009-03-09 20:00    <DIR>    d--------    d:\program files\Alcohol Soft
2009-03-09 20:00 . 2005-04-25 10:43    159,616    --a------    d:\windows\system32\drivers\Vax347b.sys
2009-03-09 20:00 . 2004-04-30 09:33    5,248    --a------    d:\windows\system32\drivers\Vax347s.sys
2009-03-09 02:00 . 2009-03-21 19:43    <DIR>    d--------    d:\program files\DC++
2009-03-07 01:22 . 2009-03-07 01:22    <DIR>    d--------    d:\program files\Common Files\Adobe AIR
2009-03-07 01:20 . 2009-03-07 01:21    <DIR>    d--------    d:\program files\Common Files\Adobe
2009-03-04 01:31 . 2009-03-04 01:31    <DIR>    d--hs----    d:\documents and settings\Rahul Mohandas\IECompatCache
2009-03-04 01:30 . 2009-03-04 01:30    <DIR>    d--hs----    d:\documents and settings\Rahul Mohandas\PrivacIE
2009-03-04 01:30 . 2009-03-04 01:30    <DIR>    d--hs----    d:\documents and settings\Rahul Mohandas\IETldCache
2009-03-04 01:17 . 2009-03-04 01:19    <DIR>    d--h-c---    d:\windows\ie8
2009-03-04 00:28 . 2009-04-03 18:10    <DIR>    d--------    d:\program files\Windows Media Connect 2
2009-03-04 00:28 . 2006-10-04 19:36    1,197,294    -----c---    d:\windows\system32\dllcache\sysmain.sdb
2009-03-04 00:28 . 2006-10-04 19:36    764,868    -----c---    d:\windows\system32\dllcache\apph_sp.sdb
2009-03-04 00:28 . 2006-10-04 19:36    217,118    -----c---    d:\windows\system32\dllcache\apphelp.sdb
2009-03-04 00:26 . 2009-03-04 00:27    <DIR>    d--------    d:\windows\system32\drivers\UMDF
2009-03-04 00:18 . 2009-03-04 00:18    <DIR>    d--------    d:\documents and settings\Rahul Mohandas\Application Data\DivX
2009-03-04 00:17 . 2009-04-03 18:10    <DIR>    d--------    d:\program files\DivX
2009-03-04 00:17 . 2007-11-30 04:00    120,056    ---------    d:\windows\system32\pxcpyi64.exe
2009-03-04 00:17 . 2007-11-30 04:00    118,520    ---------    d:\windows\system32\pxinsi64.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-03 12:15    ---------    d-----w    d:\program files\FlashGet
2009-04-03 10:10    ---------    d-----w    d:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-03 09:56    ---------    d-----w    d:\program files\BitComet
2009-03-09 14:38    ---------    d--h--w    d:\program files\InstallShield Installation Information
2009-03-09 14:38    ---------    d-----w    d:\program files\Common Files\InstallShield
2009-02-28 07:00    ---------    d-----w    d:\program files\MSBuild
2009-02-28 07:00    ---------    d-----w    d:\program files\Microsoft Works
2009-02-28 05:29    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\Azureus
2009-02-28 05:14    ---------    d-----w    d:\documents and settings\All Users\Application Data\Azureus
2009-02-28 05:13    ---------    d-----w    d:\program files\Common Files\i4j_jres
2009-02-27 18:32    ---------    d-----w    d:\documents and settings\All Users\Application Data\Yahoo!
2009-02-27 17:46    ---------    d-----w    d:\program files\Winamp
2009-02-27 17:00    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\uTorrent
2009-02-27 16:52    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\Winamp
2009-02-27 15:15    ---------    d-----w    d:\program files\BitLord
2009-02-27 15:11    ---------    d-----w    d:\program files\Yahoo!
2009-02-27 14:58    ---------    d-----w    d:\program files\Google
2009-02-26 20:33    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\MSN6
2009-02-26 20:32    ---------    d-----w    d:\documents and settings\All Users\Application Data\MSN6
2009-02-26 15:58    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\U3
2009-02-24 18:32    ---------    d-----w    d:\program files\Kaspersky Lab
2009-02-24 16:56    ---------    d-----w    d:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-23 12:55    ---------    d-----w    d:\program files\eLitecore
2009-02-23 11:39    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\Broadband
2009-02-23 11:35    ---------    d-----w    d:\program files\Common Files\Ahead
2009-02-23 11:35    ---------    d-----w    d:\program files\Ahead
2009-02-22 17:40    ---------    d-----w    d:\documents and settings\Rahul Mohandas\Application Data\vlc
2009-02-22 17:37    ---------    d-----w    d:\program files\VideoLAN
2009-02-22 12:56    ---------    d-----w    d:\program files\AMD
2009-02-22 12:53    ---------    d-----w    d:\program files\Analog Devices
2009-02-22 12:50    ---------    d-----w    d:\program files\VIA
2009-02-22 12:40    ---------    d-----w    d:\program files\microsoft frontpage
2009-02-22 12:39    558,142    ----a-w    d:\windows\java\Packages\b9f7ntfn.zip
2009-02-22 12:39    155,995    ----a-w    d:\windows\java\Packages\vn3939br.zip
2009-01-14 20:35    911,872    ----a-w    d:\windows\system32\wininet.dll
2009-01-14 20:35    43,008    ----a-w    d:\windows\system32\licmgr10.dll
2009-01-14 20:34    18,944    ----a-w    d:\windows\system32\corpol.dll
2009-01-14 20:33    72,704    ----a-w    d:\windows\system32\admparse.dll
2009-01-14 20:33    71,680    ----a-w    d:\windows\system32\iesetup.dll
2009-01-14 20:33    420,352    ----a-w    d:\windows\system32\vbscript.dll
2009-01-14 20:31    34,304    ----a-w    d:\windows\system32\imgutil.dll
2009-01-14 20:30    48,128    ----a-w    d:\windows\system32\mshtmler.dll
2009-01-14 20:30    45,568    ----a-w    d:\windows\system32\mshta.exe
2009-01-14 20:20    156,160    ----a-w    d:\windows\system32\msls31.dll
2004-08-03 19:26    164,746    --sha-r    d:\windows\system32\ivana.dll
.

------- Sigcheck -------

2002-08-29 01:58  332928  244a2f9816bc9b593957281ef577d976    d:\windows\$NtServicePackUninstall$\tcpip.sys
2004-08-03 23:14  359040  9f4b36614a0fc234525ba224957de55c    d:\windows\ServicePackFiles\i386\tcpip.sys
2004-08-03 23:14  359040  6a603809f598332dbedd535bdbce313e    d:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot_2009-04-03_18.13.54.96   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-03 07:07:47    228,710    ----a-w    d:\windows\system32\inetsrv\MetaBase.bin
+ 2009-04-03 12:56:12    228,709    ----a-w    d:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="d:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-03 1601304]
"VTTimer"="VTTimer.exe" [2005-03-09 d:\windows\system32\VTTimer.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-03 12:35 10520 d:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^24Online Client.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\24Online Client.lnk
backup=d:\windows\pss\24Online Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-02-27 20:53 133104 d:\documents and settings\Rahul Mohandas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 c:\microsoft office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 d:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-27 08:52 589824 d:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-12 22:15 36352 d:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\FlashGet\\flashget.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12567:TCP"= 12567:TCP:BitComet 12567 TCP
"12567:UDP"= 12567:UDP:BitComet 12567 UDP
"8080:TCP"= 8080:TCP:BitComet 8080 TCP
"8080:UDP"= 8080:UDP:BitComet 8080 UDP
"28050:TCP"= 28050:TCP:Flashget
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"20523:TCP"= 20523:TCP:BitComet 20523 TCP
"20523:UDP"= 20523:UDP:BitComet 20523 UDP
"8026:TCP"= 8026:TCP:cnbuuho

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [2009-04-02 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-04-02 324872]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-04-02 107272]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-03 298264]
S2 dxvwhtdrd;Center Windows;d:\windows\system32\svchost.exe -k netsvcs [2009-02-24 14336]
S3 AVPsys;AVPsys;d:\windows\system32\drivers\cdaudio.sys [2009-02-25 18688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    REG_MULTI_SZ       p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
dxvwhtdrd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6afb44-0720-11de-90e4-0013d4a171ec}]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f015fe2-00e7-11de-bee2-0013d4a171ec}]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c52d4708-0fd8-11de-9104-0013d4a171ec}]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-03 d:\windows\Tasks\User_Feed_Synchronization-{FAD19652-F8F9-4DCB-84B2-2B2B8D5D8100}.job
- d:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sify.com/
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Download All with FlashGet - d:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - d:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\micros~1\Office12\EXCEL.EXE/3000
TCP: {A211AAA6-01DA-4811-8D8F-8A3FEAC4E2AE} = 202.179.76.245,202.71.136.67
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 18:27:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dxvwhtdrd]
"ServiceDll"="d:\windows\system32\ivana.dll"


Thanks in advance

Last edited by bakuryu; 04-04-2009 at 12:00 AM..
Old 04-04-2009, 12:10 AM   #577
bakuryu

@sandman ::

Yes, make a text file and paste the complete file paths below the File:: line, then drag and drop it on ComboFix and that should delete the file. Or you can use Killbox or Unlocker to delete the files.
Old 04-04-2009, 12:18 AM   #578
bakuryu

@wilyfox ::

Open command prompt (cmd.exe) and type
Code:
sc delete dxvwhtdrd

netsh firewall set portopening protocol=TCP port=8026 mode=DISABLE profile=ALL domain=ALL
Open Notepad, copy and paste the following text, and save the file as CFScript.txt in the same directory where ComboFix is present. Then drag and drop the CFScript.txt file over ComboFix, and ComboFix should delete those files.

Code:
File::
d:\windows\system32\ivana.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6afb44-0720-11de-90e4-0013d4a171ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f015fe2-00e7-11de-bee2-0013d4a171ec}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c52d4708-0fd8-11de-9104-0013d4a171ec}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dxvwhtdrd]
Open regedit.exe and manually go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

Find the value named netsvcs, double-click to edit it, find the line containing dxvwhtdrd and delete only that line, then click OK and close the edit window.
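The clean-up bakuryu describes in the two replies above (File:: and Registry:: sections in a CFScript, sc delete for the service, closing the firewall port, and trimming the rogue name out of the netsvcs value), as an added Python example that is not part of the original thread. It parses the relevant lines from wilyfox's ComboFix log (a constructed excerpt embedded in the script), pairs the svchost-hosted service with its ServiceDll from the key dump, flags the randomly named firewall rule and the RECYCLER autorun hook, and emits the CFScript text plus the cmd.exe commands. Two things in it are mine rather than the thread's: the assumption that ComboFix lists only non-default services, so any svchost-hosted service it still shows is worth a look, and the lowercase-token heuristic for firewall rule names. It also uses netsh firewall delete portopening, which removes the rule outright, where the reply above disables it with set portopening.

```python
import re

# Constructed sample: the relevant lines of the ComboFix log posted above, with
# unrelated entries dropped. Names and paths are exactly as they appear there.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12567:TCP"= 12567:TCP:BitComet 12567 TCP
"28050:TCP"= 28050:TCP:Flashget
"8026:TCP"= 8026:TCP:cnbuuho

R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-03 298264]
S2 dxvwhtdrd;Center Windows;d:\windows\system32\svchost.exe -k netsvcs [2009-02-24 14336]
S3 AVPsys;AVPsys;d:\windows\system32\drivers\cdaudio.sys [2009-02-25 18688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6afb44-0720-11de-90e4-0013d4a171ec}]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE  .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dxvwhtdrd]
"ServiceDll"="d:\windows\system32\ivana.dll"
"""

SERVICE_RE = re.compile(r"^[RS]\d+ (\w+);([^;]*);(.+?) \[")        # R2 name;display;path [date size]
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"= \d+:(?:TCP|UDP):(.*)$')  # "8026:TCP"= 8026:TCP:description
SERVICEDLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$")


def parse(log):
    """One pass over the log, keeping the most recent [registry key] as context."""
    p = {"services": [], "ports": [], "dlls": {}, "keys": {}, "autoruns": []}
    key = None
    for line in log.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif SERVICE_RE.match(line):
            name, display, path = SERVICE_RE.match(line).groups()
            p["services"].append({"name": name, "display": display, "path": path})
        elif PORT_RE.match(line):
            port, proto, desc = PORT_RE.match(line).groups()
            p["ports"].append((port, proto, desc.strip()))
        elif SERVICEDLL_RE.match(line) and key:        # key is ...\Services\<name>
            name = key.rsplit("\\", 1)[-1]
            p["dlls"][name] = SERVICEDLL_RE.match(line).group(1)
            p["keys"][name] = key
        elif AUTORUN_RE.match(line) and key:           # key is ...\mountpoints2\{guid}
            p["autoruns"].append((key, AUTORUN_RE.match(line).group(1)))
    return p


def triage(log):
    """The three checks behind the fix in this thread; returns a list of findings."""
    p, findings = parse(log), []
    for svc in p["services"]:
        # ComboFix omits default entries, so a svchost-hosted service it still lists
        # is non-standard (assumption): pair it with the ServiceDll from the key dump.
        if "svchost.exe -k" in svc["path"].lower():
            findings.append({"kind": "service", "name": svc["name"],
                             "group": svc["path"].split("-k", 1)[1].strip(),
                             "dll": p["dlls"].get(svc["name"]), "key": p["keys"].get(svc["name"])})
    for port, proto, desc in p["ports"]:
        # Heuristic (mine): real rules name a product ("BitComet 12567 TCP"); a bare
        # lowercase token such as "cnbuuho" is the random-name pattern. Review hits.
        if re.fullmatch(r"[a-z]{5,12}", desc):
            findings.append({"kind": "port", "port": port, "proto": proto, "desc": desc})
    for key, cmd in p["autoruns"]:
        # rundll32 loading a non-.dll, or anything under RECYCLER, from a drive's
        # AutoRun handler is the removable-media hook seen in the log.
        target = cmd.rsplit(",", 1)[0].split()[-1].lower()
        if "rundll32" in cmd.lower() and ("recycler" in target or not target.endswith(".dll")):
            findings.append({"kind": "autorun", "key": key, "target": target})
    return findings


def build_cfscript(findings):
    """CFScript.txt text: File:: for the DLL, Registry:: [-key] for the keys to delete."""
    files = sorted({f["dll"] for f in findings if f.get("dll")})
    keys = [f["key"] for f in findings if f.get("key")]
    return "\n".join(["File::"] + files + ["", "Registry::"] + ["[-%s]" % k for k in keys]) + "\n"


def manual_commands(findings):
    """cmd.exe steps ComboFix does not do: stop and drop the service, remove the rule."""
    cmds = []
    for f in findings:
        if f["kind"] == "service":
            cmds += ["sc stop %s" % f["name"], "sc delete %s" % f["name"]]
        elif f["kind"] == "port":
            cmds.append("netsh firewall delete portopening protocol=%s port=%s" % (f["proto"], f["port"]))
    return cmds


def clean_netsvcs(values, findings):
    """The netsvcs REG_MULTI_SZ list minus the rogue names; write it back on the
    infected machine with winreg.SetValueEx(hkey, "netsvcs", 0, winreg.REG_MULTI_SZ, new)."""
    rogue = {f["name"] for f in findings if f["kind"] == "service"}
    return [v for v in values if v not in rogue]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print(build_cfscript(found) + "\n".join(manual_commands(found)))
```

The script only reads the log; nothing on the machine is touched. clean_netsvcs returns the new REG_MULTI_SZ list and its docstring shows the winreg call to write it back, which has to run on the infected box, as does ComboFix with the generated CFScript.txt. Run sc stop before sc delete because the service is hosted inside a shared svchost.exe and the DLL stays mapped until that group is stopped or the box is rebooted.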
Old 04-04-2009, 02:28 AM   #579
wilyfox

Thanks a lot buddy!! You are a life saver! A big headache gone. Thanks again
Old 04-04-2009, 09:07 AM   #580
StrongWall

Hi, I'm having the same problem, but I can update and scan with Spybot S&D; it didn't find anything.
Here's the HijackThis file, I hope you can help me out.
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:16 a.m., on 03/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\i-Look110\Monitor.exe
C:\ARCHIV~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Media Key\MagicKey.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Media Key\OSD.EXE
C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService.exe
C:\ARCHIV~1\AVG\AVG8\avgrsx.exe
C:\ARCHIV~1\AVG\AVG8\avgnsx.exe
C:\Archivos de programa\AVG\AVG8\avgui.exe
C:\Archivos de programa\AVG\AVG8\avgscanx.exe
C:\Archivos de programa\AVG\AVG8\avgcsrvx.exe
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Archivos de programa\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARCHIV~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARCHIV~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-746137067-1715567821-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-746137067-1715567821-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-746137067-1715567821-725345543-1003 Startup: Media Key.lnk = C:\Archivos de programa\Media Key\MagicKey.exe (User '?')
O4 - Startup: Media Key.lnk = C:\Archivos de programa\Media Key\MagicKey.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Archivos de programa\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Archivos de programa\MP3 Player Utilities 4.13\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132242771796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Archivos de programa\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARCHIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Archivos de programa\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/xx/CONFIG~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 5868 bytes
Tags: antivirus, cleanup, infection, virus, virus removal