can't update my kaspersky, can't browse to anti-virus website



#1 ExcaflownE

ExcaflownE

  • Members
  • 2 posts
  • OFFLINE
  • Local time:09:45 AM

Posted 27 January 2009 - 09:54 PM

Help me please, it always fails to update my Kaspersky 7,
and I can't open the Kaspersky website or other anti-virus websites. It happened after I installed BitTorrent (with ask.com inside the installation).

This is the log file from ComboFix:

ComboFix 09-01-21.04 - ExcaflownE 2009-01-28 9:41:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.959.586 [GMT 8:00]
執行位置: e:\downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated)
* 成功創造新還原點
.

((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\dyepvfbb.dll
c:\windows\system32\hjilTvut.ini
c:\windows\system32\hjilTvut.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\tuvTlijh.dll
c:\windows\Tasks\tdllnqhz.job

.
((((((((((((((((((((((((( 2008-12-28 至 2009-01-28 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-01-27 17:03 . 2009-01-27 17:04 1,529,386 --ahs---- c:\windows\system32\bbfvpeyd.ini
2009-01-26 17:03 . 2009-01-26 17:03 1,438,325 --ahs---- c:\windows\system32\xlpfyixj.ini
2009-01-26 04:40 . 2009-01-26 04:40 <DIR> d---s---- c:\documents and settings\ExcaflownE\UserData
2009-01-23 16:32 . 2009-01-25 19:34 1,438,325 --ahs---- c:\windows\system32\sotuffgl.ini
2009-01-23 01:16 . 2009-01-23 01:16 1,438,325 --ahs---- c:\windows\system32\ajhucbck.ini
2009-01-22 03:05 . 2009-01-28 09:49 <DIR> d-------- c:\program files\DNA
2009-01-22 03:05 . 2009-01-28 09:49 <DIR> d-------- c:\documents and settings\ExcaflownE\Application Data\DNA
2009-01-22 03:05 . 2009-01-25 21:34 <DIR> d-------- c:\documents and settings\ExcaflownE\Application Data\BitTorrent
2009-01-22 03:04 . 2009-01-22 03:04 <DIR> d-------- c:\program files\AskSearch
2009-01-22 01:14 . 2009-01-23 01:15 1,438,325 --ahs---- c:\windows\system32\aawyjvet.ini
2009-01-20 15:08 . 2009-01-20 15:08 <DIR> d-------- c:\program files\Kaspersky Lab
2009-01-20 15:08 . 2009-01-28 09:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-20 15:08 . 2009-01-28 09:51 1,505,312 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-20 15:08 . 2009-01-20 15:08 1,407,285 --ahs---- c:\windows\system32\ofwrdlua.ini
2009-01-20 15:08 . 2009-01-20 15:39 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-20 15:08 . 2009-01-20 15:39 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-20 15:08 . 2009-01-28 09:50 54,560 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-20 15:08 . 2009-01-28 09:48 24,248 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-20 15:08 . 2009-01-28 09:48 7,160 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-20 15:07 . 2009-01-20 15:07 <DIR> d-------- C:\kav
2009-01-19 19:12 . 2009-01-19 19:12 <DIR> d-------- c:\program files\Bonjour
2009-01-19 15:06 . 2009-01-19 15:06 1,407,285 --ahs---- c:\windows\system32\kyburpqx.ini
2009-01-18 15:06 . 2009-01-18 15:06 1,407,285 --ahs---- c:\windows\system32\yolpgnig.ini
2009-01-17 18:10 . 2009-01-27 19:28 <DIR> d-------- c:\documents and settings\ExcaflownE\Tracing
2009-01-17 18:07 . 2009-01-17 18:07 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-17 18:07 . 2009-01-17 18:07 <DIR> d-------- c:\program files\Microsoft
2009-01-17 18:06 . 2009-01-17 18:06 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-01-17 18:06 . 2009-01-17 18:07 <DIR> d-------- c:\program files\Windows Live
2009-01-17 18:01 . 2009-01-17 18:01 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-01-17 01:37 . 2009-01-17 01:37 <DIR> d-------- c:\program files\Common Files\SRS Labs Shared
2009-01-17 01:36 . 2009-01-17 01:36 <DIR> d-------- c:\program files\SRS Labs
2009-01-17 01:01 . 2009-01-17 01:01 <DIR> d-------- c:\program files\iPod
2009-01-17 01:01 . 2009-01-17 01:01 <DIR> d-------- c:\documents and settings\ExcaflownE\Application Data\Apple Computer
2009-01-17 01:01 . 2009-01-17 01:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-17 01:01 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-17 01:01 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-17 01:00 . 2009-01-17 01:00 <DIR> d-------- c:\program files\QuickTime
2009-01-17 01:00 . 2009-01-17 01:00 <DIR> d-------- c:\program files\Apple Software Update
2009-01-17 01:00 . 2009-01-17 01:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-17 00:59 . 2009-01-17 01:01 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-17 00:59 . 2009-01-17 01:01 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-17 00:59 . 2009-01-17 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-17 00:59 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-01-16 23:56 . 2009-01-16 23:56 120 --ahs---- c:\windows\system32\irxtlyvk.ini
2009-01-16 01:14 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-15 19:01 . 2009-01-15 19:01 1,369,733 --ahs---- c:\windows\system32\uvekcpik.ini
2009-01-15 18:56 . 2009-01-15 18:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-15 00:57 . 2009-01-15 00:57 <DIR> d-------- c:\documents and settings\ExcaflownE\Application Data\eMule
2009-01-15 00:47 . 2009-01-15 00:47 <DIR> d-------- c:\documents and settings\ExcaflownE\Application Data\ATI
2009-01-15 00:47 . 2009-01-15 00:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-15 00:34 . 2009-01-15 00:35 <DIR> d-------- c:\program files\ATI Technologies
2009-01-15 00:32 . 2009-01-15 00:32 <DIR> d-------- c:\program files\Realtek
2009-01-15 00:32 . 2009-01-15 00:34 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-15 00:32 . 2009-01-15 00:34 <DIR> d-------- c:\program files\Common Files\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 07:39 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-01-14 17:20 73,728 ----a-w c:\windows\ALCFDRTM.EXE
2009-01-14 15:23 --------- d-----w c:\program files\microsoft frontpage
2008-12-12 03:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 03:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-02 14:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 22:13 3,452,928 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:51 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 06:35 593,920 ----a-w c:\windows\system32\ati2sgag.exe
2004-07-12 00:00 167,698 --sha-r c:\windows\system32\verzn.dll
.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-07-12 15360]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2007-11-25 481280]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-22 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-07-12 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-07-12 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-07-12 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"High Definition Audio 屬性頁捷徑"="HDAudPropShortcut.exe" [2004-08-12 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-02 c:\windows\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-12-10 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-07-12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\eMule\\emule.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"e:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1729:TCP"= 1729:TCP:moyvhy

R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [2009-01-15 76544]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S4 spzagli;Security Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-07-12 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
spzagli
.
計劃任務 文件夾 裡的內容

2009-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{DD64AD71-49A9-40EE-AFDD-E5530892F08F} - c:\windows\system32\tuvTlijh.dll
Notify-ddcBSJax - ddcBSJax.dll


.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
TCP: {66DA38A4-ED7E-4086-B80A-7C3491012F27} = 61.31.233.1 211.78.215.200
FF - ProfilePath - c:\documents and settings\ExcaflownE\Application Data\Mozilla\Firefox\Profiles\jujlq4uq.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-28 09:50:57
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 。。。

掃描被隱藏的啟動組 。。。

掃描被隱藏的文件 。。。

掃描完成
被隱藏的檔案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\spzagli]
"ServiceDll"="c:\windows\system32\verzn.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(860)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\windows\system32\AUTHZ.dll

- - - - - - - > 'explorer.exe'(1788)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\fssync.dll
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll
c:\windows\system32\msi.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
完成時間: 2009-01-28 9:55:12 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2009-01-28 01:55:02

Pre-Run: 25,954,668,544 位元組可用
Post-Run: 25,992,863,744 位元組可用

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:45 AM

Posted 27 January 2009 - 10:16 PM

Hello ExcaflownE and welcome to BC :thumbsup:

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.

The BC Staff
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
