
Can't connect to antivirus sites and Microsoft


This topic is locked
1 reply to this topic

#1 dudelebowski


Posted 17 October 2009 - 10:34 AM

Hi, I think I'm infected. I can't connect to antivirus sites or the Microsoft web page. Here is my ComboFix log; please help me. My operating system is Windows XP.

ComboFix 09-10-16.09 - dirque 17-10-2009 15:56.1.1 - FAT32x86
Running from: c:\documents and settings\dirque\Ambiente de trabalho\Stuff\Programas\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\dirque\Application Data\Desktopicon
c:\documents and settings\dirque\Application Data\Desktopicon\eBayShortcuts.exe
c:\recycled\Recycled
c:\windows\system32\AVSredirect.dll
c:\windows\system32\msconfig.exe

.
(((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 ))))))))))))))))))))))))))))
.

2009-10-17 14:23 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 14:23 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-17 14:23 . 2009-10-17 14:23 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2009-10-17 13:46 . 2009-10-17 13:46 -------- d--h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-17 13:39 . 2009-10-17 13:39 -------- d-----w- c:\documents and settings\dirque\Application Data\Malwarebytes
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\programas\Lavasoft
2009-10-17 13:38 . 2009-10-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-17 13:14 . 2009-10-17 13:14 -------- d-----w- c:\documents and settings\dirque\Application Data\AVG8
2009-10-15 17:54 . 2009-10-15 17:54 -------- d-----w- c:\programas\Aiseesoft Studio
2009-10-14 16:49 . 2009-10-14 16:49 -------- d-----w- c:\programas\Winamp
2009-10-14 16:49 . 2009-10-14 16:49 -------- d-----w- c:\documents and settings\dirque\Application Data\Winamp
2009-10-13 16:32 . 2009-10-13 16:32 -------- d-----w- c:\programas\Blubster
2009-10-11 16:57 . 2009-10-11 16:57 -------- d-----w- C:\FOUND.025
2009-10-11 16:52 . 2009-10-11 16:53 -------- d-----w- c:\windows\ServicePackFiles
2009-10-11 15:56 . 2009-10-11 15:56 -------- d-----w- c:\windows\Applian FLV Player
2009-10-11 15:49 . 2009-10-11 15:49 -------- d-----w- C:\FOUND.024
2009-10-11 15:40 . 2009-10-11 15:40 -------- d-----w- C:\FOUND.023
2009-10-11 15:34 . 2009-10-11 15:34 -------- d-----w- C:\FOUND.022
2009-10-11 14:36 . 2007-05-17 16:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-10-11 14:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-10-11 14:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-11 14:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-10-11 14:36 . 1998-01-05 02:23 -------- d-----w- c:\programas\AviSynth 2.5
2009-10-11 13:46 . 2009-10-11 13:46 -------- d-----w- c:\documents and settings\dirque\Application Data\vlc
2009-10-11 13:42 . 2009-10-11 13:42 -------- d-----w- c:\programas\eMule
2009-10-11 13:09 . 2009-10-11 13:09 -------- d-----w- c:\programas\VideoLAN
2009-10-11 12:51 . 2009-10-11 12:51 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-11 12:40 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-10-10 23:15 . 2007-02-25 14:36 383238 ----a-w- c:\windows\system32\libmp3lame-0.dll
2009-10-10 22:46 . 2009-10-10 22:46 -------- d-----w- c:\programas\Ficheiros comuns\SWF Studio
2009-10-10 22:44 . 2009-10-10 22:44 -------- d-----w- c:\programas\Riva
2009-10-10 22:36 . 2008-04-21 21:26 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-10 21:45 . 2009-10-10 21:45 -------- d-s---w- c:\documents and settings\dirque\UserData
2009-10-10 21:22 . 2009-10-10 21:22 -------- d-----w- c:\documents and settings\dirque\Application Data\uTorrent
2009-10-10 21:11 . 2008-10-03 10:16 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-10-10 21:11 . 2009-10-10 21:11 -------- d-----w- C:\videooutput
2009-10-10 21:11 . 2008-10-15 16:59 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-10-10 21:10 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-10 21:10 . 2006-11-01 13:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-10 21:10 . 2008-09-04 16:45 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-10-10 20:54 . 2005-02-25 03:36 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-10 20:46 . 2009-10-10 20:46 -------- d-----w- c:\documents and settings\dirque\dwhelper
2009-10-10 20:37 . 2009-10-10 20:37 -------- d-----w- C:\FOUND.021
2009-10-10 15:23 . 2009-10-10 15:23 -------- d-----w- C:\FOUND.020
2009-09-30 14:38 . 2009-09-30 14:38 -------- d-----w- C:\FOUND.019
2009-09-28 19:25 . 2009-09-28 19:25 -------- d-----w- C:\FOUND.018
2009-09-28 19:20 . 2009-09-28 19:20 -------- d-----w- C:\FOUND.017
2009-09-28 12:36 . 2009-09-28 12:36 -------- d-----w- C:\FOUND.016
2009-09-25 19:16 . 2009-09-25 19:16 -------- d-----w- C:\FOUND.015
2009-09-25 18:47 . 2009-09-25 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2009-09-25 17:41 . 2009-09-25 17:41 -------- d-----w- c:\windows\nview
2009-09-25 17:41 . 2006-10-22 11:22 208896 ----a-w- c:\windows\system32\nvudisp.exe

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-16 16:57 . 2009-10-16 16:57 3104768 ----a-w- c:\documents and settings\dirque\ntuser.tmp
2009-09-25 19:18 . 1998-01-05 02:00 98304 ----a-w- c:\windows\DUMPed2d.tmp
2009-09-25 19:08 . 1998-01-05 02:00 98304 ----a-w- c:\windows\DUMPb67d.tmp
2009-09-11 19:12 . 2009-09-11 19:12 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-09-11 17:01 . 2009-09-11 17:01 -------- d-----w- c:\programas\Bethesda Softworks
2009-08-23 12:30 . 2009-08-23 12:30 -------- d-----w- c:\programas\MOV to WMV
2009-08-23 12:22 . 2009-08-23 12:22 -------- d-----w- c:\documents and settings\dirque\Application Data\AVS4YOU
2009-08-23 12:22 . 2009-08-23 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-23 12:17 . 2009-08-23 12:17 -------- d-----w- c:\programas\Ficheiros comuns\AVSMedia
2009-08-23 12:14 . 2009-08-23 12:14 -------- d-----w- c:\programas\AVS4YOU
2009-08-22 21:30 . 2009-08-22 18:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 18:35 . 2009-08-22 18:35 -------- d-----w- c:\documents and settings\dirque\Application Data\Apple Computer
2009-08-22 18:27 . 2009-08-22 18:27 -------- d-----w- c:\programas\QuickTime
2009-08-22 18:27 . 2009-08-22 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-22 18:26 . 2009-08-22 18:26 -------- d-----w- c:\programas\Apple Software Update
2009-08-22 18:26 . 2009-08-22 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-20 14:15 . 2004-08-04 13:00 62438 ----a-w- c:\windows\system32\perfc016.dat
2009-08-20 14:15 . 2004-08-04 13:00 384656 ----a-w- c:\windows\system32\perfh016.dat
2009-08-11 11:35 . 2009-08-22 19:23 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:06 . 2004-08-04 13:00 205824 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 16:33 . 2009-08-03 16:33 81920 ----a-w- c:\windows\system32\W32N50.DLL
2009-08-03 16:33 . 2009-08-03 16:33 17134 ----a-w- c:\windows\system32\PCANDIS5.SYS
2008-04-04 22:10 . 1998-01-21 22:04 30720 ----a-w- c:\programas\kxsfi.dll
2008-04-04 22:10 . 1998-01-21 22:04 30720 ----a-w- c:\programas\kXi.dll
2004-08-04 13:00 . 2004-08-04 13:00 162941 --sh--r- c:\windows\system32\zdoutj.dll
.

------- Sigcheck -------

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\2011ce589a96f0833e98d1dba59110ee\sp3qfe\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\2011ce589a96f0833e98d1dba59110ee\sp3gdr\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\2011ce589a96f0833e98d1dba59110ee\sp2gdr\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\2011ce589a96f0833e98d1dba59110ee\sp2qfe\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\eade054874a65e64b0ef7051e3b7b212\tcpip.sys
[-] 2006-08-31 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 . 4DC57C2978F95EBB8433EFE78CADAAF2 . 1572352 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\eade054874a65e64b0ef7051e3b7b212\sfcfiles.dll
[-] 2006-08-31 16:52 . AB3D62010AF342203FFA60C2D94DBC68 . 8704 . . [1] . . c:\windows\system32\sfcfiles.dll

[-] 2008-04-14 . 45AEDF4724D76CA5A31B6435993B524E . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\eade054874a65e64b0ef7051e3b7b212\regsvc.dll

c:\windows\system32\regsvc.dll ... is missing !!
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programas\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="kxmixer --startup" [X]
"QuickTime Task"="c:\programas\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"WinampAgent"="c:\programas\Winamp\winampa.exe" [2009-07-01 37888]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2001-09-27 245760]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\dirque\Menu Iniciar\Programas\Arranque\
ctfmon.exe [2006-6-27 20480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\dirque\\Ambiente de trabalho\\utorrent.exe"=
"c:\\Programas\\Blubster\\Blubster.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1669:TCP"= 1669:TCP:rutjj

R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [04-04-2008 23:10 568320]
R3 RTL8187B;TG123g USB Wireless Adapter;c:\windows\system32\drivers\RTL8187B.sys [03-08-2009 17:33 264576]
S2 bnuywyue;Update Image;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 14:00 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\Lavasoft\Ad-Aware\AAWService.exe [24-09-2009 12:17 1170768]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [04-11-2008 19:50 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [04-11-2008 19:50 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [04-11-2008 19:50 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [04-11-2008 19:51 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [04-11-2008 19:50 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [04-11-2008 19:51 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [04-11-2008 19:51 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bnuywyue
.
Contents of the 'Scheduled Tasks' folder

2009-10-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pt/
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\dirque\Application Data\Mozilla\Firefox\Profiles\wbolcna3.default\
FF - prefs.js: browser.startup.homepage - www.google.pt

---- FIREFOX POLICIES ----
c:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-MsnMsgr - c:\programas\MSN Messenger\MsnMsgr.Exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-17 16:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bnuywyue]
"ServiceDll"="c:\windows\system32\zdoutj.dll"
.
Completion time: 2009-10-17 16:22
ComboFix-quarantined-files.txt 2009-10-17 15:22

Pre-Run: 7,494,893,568 bytes free
Post-Run: 7,512,932,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

206 --- E O F --- 2009-10-10 20:56
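The following script is an added example for this thread, not ComboFix code and not something either poster wrote. It applies to the log above the triage a helper would otherwise do by eye: it parses the service list, the Svchost ServiceDll entries, the file-listing lines and the firewall policy dump, and flags a service hosted in "svchost.exe -k netsvcs" whose name is not a standard netsvcs member, resolves its ServiceDll, cross-references the file listing for hidden/system attributes, and reports the disabled firewall and the globally opened port. The netsvcs allowlist is an abbreviated list assumed for this example; the embedded sample log is a subset of lines copied from the post.

```python
"""Triage of the service, ServiceDll, file-listing and firewall sections of a
ComboFix log.  Added example for this thread; it is not ComboFix code and the
netsvcs allowlist below is an abbreviated list assumed for the example."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
2004-08-04 13:00 . 2004-08-04 13:00 162941 --sh--r- c:\windows\system32\zdoutj.dll
2009-08-20 14:15 . 2004-08-04 13:00 62438 ----a-w- c:\windows\system32\perfc016.dat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1669:TCP"= 1669:TCP:rutjj

R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [04-04-2008 23:10 568320]
S2 bnuywyue;Update Image;c:\windows\system32\svchost.exe -k netsvcs [04-08-2004 14:00 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\Lavasoft\Ad-Aware\AAWService.exe [24-09-2009 12:17 1170768]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\bnuywyue]
"ServiceDll"="c:\windows\system32\zdoutj.dll"
"""

# Assumed allowlist: service names Windows XP itself registers in the netsvcs
# svchost group (abbreviated).  Anything else in that group gets flagged.
KNOWN_NETSVCS = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver", "ersvc",
    "eventsystem", "fastuserswitchingcompatibility", "helpsvc", "hidserv",
    "lanmanserver", "lanmanworkstation", "netman", "nla", "ntmssvc", "rasauto",
    "rasman", "remoteaccess", "schedule", "seclogon", "sens", "sharedaccess",
    "shellhwdetection", "srservice", "tapisrv", "themes", "trkwks", "w32time",
    "winmgmt", "wmi", "wscsvc", "wuauserv", "wzcsvc", "xmlprov",
}

# "S2 name;display name;image path [date time size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[", re.M)
# "[HKEY_LOCAL_MACHINE\System\ControlSetNNN\Services\name]" + ServiceDll value
SERVICEDLL_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]\s*"
    r'"ServiceDll"="([^"]+)"', re.M | re.I)
# "mtime . ctime size attrs path" lines from the file listings
FILE_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\S+) ([-a-z]{8}) (.+)$", re.M)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.M)
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S*)', re.M)


@dataclass
class Finding:
    kind: str
    detail: str


def parse_files(log: str) -> dict[str, tuple[str, str]]:
    """Map lowercase path -> (size, attribute string) for every file line."""
    return {path.lower(): (size, attrs) for size, attrs, path in FILE_RE.findall(log)}


def triage(log: str) -> list[Finding]:
    findings: list[Finding] = []
    files = parse_files(log)
    dlls = {name.lower(): dll for name, dll in SERVICEDLL_RE.findall(log)}

    for _start, name, display, image in SERVICE_RE.findall(log):
        if "svchost.exe -k" not in image.lower():
            continue  # runs its own binary; not the svchost-hosting pattern
        group = image.lower().split("-k", 1)[1].strip()
        if group == "netsvcs" and name.lower() not in KNOWN_NETSVCS:
            dll = dlls.get(name.lower(), "<ServiceDll not in log>")
            size, attrs = files.get(dll.lower(), ("?", "?"))
            flags = [f for f, c in (("hidden", "h"), ("system", "s")) if c in attrs]
            findings.append(Finding(
                "rogue_netsvcs_service",
                f"{name} ({display!r}) hosted in svchost netsvcs, ServiceDll={dll}, "
                f"size={size}, attrs={attrs} [{'+'.join(flags) or 'none'}]"))

    m = FIREWALL_RE.search(log)
    if m and m.group(1) == "0":
        findings.append(Finding("firewall_disabled",
                                "EnableFirewall=0 in the standard profile"))
    for port, proto, label in OPEN_PORT_RE.findall(log):
        findings.append(Finding("global_open_port",
                                f"{port}/{proto} opened globally, label {label!r}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run against the sample it reports three findings: the bnuywyue service whose ServiceDll is the hidden, system, read-only zdoutj.dll, the disabled Windows Firewall, and TCP 1669 opened to all interfaces. A service that runs its own executable, such as the Ad-Aware service, is deliberately left out of the svchost check rather than judged by name.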


#2 Guest_The weatherman_*


Posted 17 October 2009 - 10:36 AM

Hello dudelebowski,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums, and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff



