
someone pls help me..

1 reply to this topic

#1 onutza6

Posted 02 April 2009 - 09:30 PM

ComboFix 09-04-01.01 - Administrator 2009-04-03 5:09:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.107 [GMT 3:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marcel.LICA-21C07D70E0\Application Data\wiaserva.log
c:\windows\9g234sdfdfgjf23
c:\windows\system32\28463
c:\windows\system32\28463\COJQ.001
c:\windows\system32\28463\COJQ.006
c:\windows\system32\28463\key.bin
c:\windows\system32\inst.dat
c:\windows\system32\kw.dat
c:\windows\system32\pk.bin
c:\windows\system32\upx.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-03 05:05 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-03 04:34 . 2009-04-03 04:34 <DIR> d--hs---- c:\documents and settings\Administrator\PrivacIE
2009-04-03 04:30 . 2009-04-03 04:30 <DIR> d--hs---- c:\documents and settings\Administrator\IETldCache
2009-04-03 04:26 . 2009-04-03 04:28 <DIR> d--h-c--- c:\windows\ie8
2009-04-03 03:48 . 2009-04-03 03:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avira
2009-04-03 03:44 . 2009-04-03 04:34 <DIR> d-------- c:\documents and settings\Administrator
2009-04-02 11:40 . 2009-04-03 03:41 <DIR> d-------- C:\Winamp
2009-04-02 11:12 . 2009-04-02 11:12 <DIR> d-------- c:\documents and settings\Marcel.LICA-21C07D70E0\Application Data\Radmin
2009-04-02 09:54 . 2009-04-02 09:54 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-04-01 16:57 . 2004-02-10 16:21 704,512 --a------ c:\windows\system32\radmin.exe
2009-04-01 04:06 . 2009-04-01 10:34 <DIR> d-------- c:\program files\GooglePlusVideos
2009-04-01 03:32 . 2009-02-13 11:31 55,640 --a------ c:\windows\system32\drivers\avgntflt.sys
2009-04-01 02:48 . 2009-04-01 02:48 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-31 15:53 . 2009-03-31 15:53 <DIR> d--h----- c:\windows\PIF
2009-03-31 02:33 . 1998-02-06 21:35 304,128 --a------ c:\windows\unin0407.exe
2009-03-29 22:09 . 2009-03-29 22:09 1,786 --a------ c:\windows\system32\PerfStringBackup.TMP
2009-03-29 22:03 . 2009-04-02 09:54 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-28 20:52 . 2009-03-28 20:52 <DIR> d-------- c:\documents and settings\Marcel.LICA-21C07D70E0\Application Data\Avira
2009-03-28 19:49 . 2009-03-28 19:49 <DIR> d-------- c:\program files\Avira
2009-03-28 19:49 . 2009-03-28 19:49 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-03-27 19:43 . 2009-03-27 19:43 <DIR> d-------- c:\program files\Avira GmbH
2009-03-26 14:58 . 2009-03-26 14:58 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-03-23 12:10 . 1997-11-05 22:17 64,000 --a------ c:\windows\system32\Apigid32.dll
2009-03-23 03:56 . 2007-06-08 18:15 1,519,616 --a------ c:\windows\system32\mxpvct25.dat
2009-03-23 03:56 . 2004-03-08 22:00 662,288 --a------ c:\windows\system32\mscomct2.ocx
2009-03-23 03:56 . 2004-03-09 17:45 132,880 --a------ c:\windows\system32\mxpvct22.dat
2009-03-22 15:12 . 2009-03-28 19:25 <DIR> d-------- c:\documents and settings\Marcel.LICA-21C07D70E0\temp
2009-03-21 20:55 . 2009-03-21 20:55 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-21 20:47 . 2009-03-24 02:05 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-21 20:36 . 2008-10-16 15:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-03-21 20:36 . 2008-10-16 15:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-03-21 20:36 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-03-21 20:36 . 2008-10-16 15:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-21 20:36 . 2008-10-16 15:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-03-21 19:05 . 2009-03-21 19:05 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Downloaded Installations
2009-03-21 19:04 . 2009-04-03 02:41 <DIR> d-------- c:\program files\AVG
2009-03-21 19:04 . 2009-03-21 19:04 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-21 19:04 . 2009-03-21 19:04 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-21 19:04 . 2009-03-21 19:04 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-21 19:04 . 2009-03-21 19:04 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-19 06:18 . 2009-03-19 06:18 0 --a------ c:\windows\system32\drivers\help.html
2009-03-19 04:53 . 2009-03-19 04:53 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-03-19 04:53 . 2009-03-19 05:02 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-03-19 04:52 . 2009-01-07 18:21 26,144 --a------ c:\windows\system32\spupdsvc.exe
2009-03-19 04:51 . 2009-01-28 20:49 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-03-19 04:51 . 2009-01-28 20:49 974,848 --a------ c:\windows\system32\mfc70.dll
2009-03-19 04:51 . 2009-01-28 20:49 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-03-19 04:51 . 2009-01-28 20:49 344,064 --a------ c:\windows\system32\msvcr70.dll
2009-03-19 04:51 . 2009-01-28 20:49 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-03-18 19:37 . 2009-03-19 06:03 25,216 --a------ c:\windows\system32\tmp.ico
2009-03-18 19:35 . 2009-03-18 19:35 152,848 --a------ c:\windows\system32\comdlg32.ocx
2009-03-18 19:11 . 2003-07-06 15:07 372,736 --a------ c:\windows\system32\IJL_11.DLL
2009-03-18 19:11 . 2004-03-09 01:00 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-18 19:11 . 2004-03-09 01:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
2009-03-18 19:08 . 2009-03-28 21:27 <DIR> d--hs---- c:\windows\Sys
2009-03-18 12:18 . 2009-03-18 12:18 <DIR> d-------- c:\program files\Java
2009-03-18 12:18 . 2009-03-18 12:18 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-10 17:35 . 2009-03-10 17:35 <DIR> d-------- c:\program files\Common Files\CANON
2009-03-10 17:18 . 2009-03-10 21:30 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft
2009-03-10 17:18 . 2009-03-10 17:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\InstallShield
2009-03-10 17:17 . 2009-03-10 17:17 <DIR> d-------- c:\program files\ScanSoft
2009-03-08 14:22 . 2009-03-08 14:22 1,241,088 --------- c:\windows\system32\ieframe.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21 10,240 --------- c:\windows\system32\advpack.dll.mui
2009-03-08 14:21 . 2009-03-08 14:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20 81,920 --------- c:\windows\system32\iedkcs32.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 10:59 --------- d-----w c:\program files\oDC
2009-04-01 01:21 96,256 ----a-w c:\windows\system32\drivers\sptd2989.sys
2009-03-30 10:56 --------- d-----w c:\documents and settings\Marcel.LICA-21C07D70E0\Application Data\Winamp
2009-03-29 19:04 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 19:03 --------- d-----w c:\program files\Yahoo!
2009-03-28 16:30 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-03-27 16:53 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-21 15:20 --------- d-----w c:\program files\Winamp
2009-03-18 09:18 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-18 08:34 --------- d-----w c:\program files\Common Files\Adobe
2009-03-10 22:05 --------- d-----w c:\program files\Canon
2009-03-10 21:55 --------- d-----w c:\documents and settings\Marcel.LICA-21C07D70E0\Application Data\Canon
2009-03-08 01:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 01:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 01:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 01:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 01:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 01:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 01:31 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 01:31 45,568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 01:31 34,816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 01:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-07 12:38 --------- d-----w c:\program files\Google
2009-03-07 11:05 12,464 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-03-01 19:13 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-07 01:47 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Trymedia
2009-01-29 17:36 354,560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-29 16:34 64,567 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-29 16:34 6,128 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-29 16:34 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-07 15:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 15:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 15:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 15:20 23,552 ----a-w c:\windows\system32\normaliz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-18 148888]
"nwiz"="nwiz.exe" [2002-10-25 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-21 19:04 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
c:\windows\system [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGIDSWatcher"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Kituri\\BlueSoleil.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2897:TCP"= 2897:TCP:wpmubxn
"4899:TCP"= 4899:TCP:lalaal

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-21 12552]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-21 107912]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-04-01 186625]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-04-01 432897]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-21 325640]
S2 rlcgw;mjmeiktl;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 zvhtmwo;System Server;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-21 298264]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
zvhtmwo
rlcgw

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-04-16 10:59]

2009-04-03 c:\windows\Tasks\User_Feed_Synchronization-{D814CC95-7D1D-4A06-866B-5B7F0D2C1C14}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Messenger (Yahoo!) - c:\program files\Yahoo!\Messenger\YahooMessenger.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {00279B84-D618-4B33-B27C-347C9836E119} = 213.154.124.1 193.231.252.1
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 05:17:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rlcgw]
"ServiceDll"="c:\windows\system32\hujjhi.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zvhtmwo]
"ServiceDll"="c:\windows\system32\hujjhi.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-764733703-1060284298-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,51,b4,a3,ee,25,49,4e,9d,7f,88,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9e,51,b4,a3,ee,25,49,4e,9d,7f,88,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(732)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-03 5:19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 02:19:24

Pre-Run: 4,639,457,280 bytes free
Post-Run: 4,623,613,952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


#2 boopme
Global Moderator

Posted 02 April 2009 - 09:42 PM

Hello, please see the blue text at the top of this page, thank you.
