Malware Attack!!!


  • This topic is locked
3 replies to this topic

#1 ktfyellow

Posted 31 March 2011 - 06:50 AM

Hello Malware Response Team,

I have a problem with MBAM blocking IPs, like the following.

01:09:54 CeroZ MESSAGE Protection started successfully
01:09:58 CeroZ MESSAGE IP Protection started successfully
01:16:51 CeroZ MESSAGE Protection started successfully
01:16:54 CeroZ MESSAGE IP Protection started successfully
01:24:32 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49263, Process: svchost.exe)
01:26:49 CeroZ IP-BLOCK 94.102.48.130 (Type: outgoing, Port: 49270, Process: firefox.exe)
01:26:49 CeroZ IP-BLOCK 94.102.48.130 (Type: outgoing, Port: 49271, Process: firefox.exe)
01:27:05 CeroZ IP-BLOCK 94.102.48.130 (Type: outgoing, Port: 49272, Process: firefox.exe)
01:27:13 CeroZ IP-BLOCK 94.102.48.130 (Type: outgoing, Port: 49279, Process: firefox.exe)
01:27:13 CeroZ IP-BLOCK 94.102.48.130 (Type: outgoing, Port: 49280, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49292, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49293, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49295, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49296, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49297, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49298, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49299, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49300, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49301, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49302, Process: firefox.exe)
01:29:21 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49303, Process: firefox.exe)
01:29:21 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49304, Process: firefox.exe)
01:29:21 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49305, Process: firefox.exe)
01:29:21 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49306, Process: firefox.exe)
01:29:22 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49307, Process: firefox.exe)
01:29:22 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49308, Process: firefox.exe)
01:29:22 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49309, Process: firefox.exe)
01:29:22 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49310, Process: firefox.exe)
01:29:22 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49311, Process: firefox.exe)
01:29:22 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49312, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49313, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49314, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49315, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49316, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49317, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49318, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49319, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49320, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49321, Process: firefox.exe)
01:29:30 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49322, Process: firefox.exe)
01:37:47 CeroZ IP-BLOCK 68.168.212.18 (Type: outgoing, Port: 49550, Process: svchost.exe)
01:39:16 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49559, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49560, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49561, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49562, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49563, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49564, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49565, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49566, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49567, Process: firefox.exe)
01:39:16 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49568, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49625, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49626, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49627, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49628, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49629, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49630, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49631, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49632, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49633, Process: firefox.exe)
01:40:12 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49634, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49717, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49718, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49719, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49720, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49721, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49722, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49723, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49724, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49725, Process: firefox.exe)
01:41:00 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49726, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49749, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49750, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49751, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49752, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49753, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49754, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49755, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49756, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49757, Process: firefox.exe)
01:42:21 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49758, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49781, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49782, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49783, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49784, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49785, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49786, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49787, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49788, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49789, Process: firefox.exe)
01:42:45 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49790, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49791, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49792, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49793, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49794, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49795, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49796, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49797, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49798, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49799, Process: firefox.exe)
01:43:57 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49800, Process: firefox.exe)
01:47:50 CeroZ IP-BLOCK 68.168.212.20 (Type: outgoing, Port: 49879, Process: svchost.exe)
02:23:06 CeroZ MESSAGE Protection started successfully
02:23:09 CeroZ MESSAGE IP Protection started successfully
02:33:39 CeroZ MESSAGE Protection started successfully
02:33:42 CeroZ MESSAGE IP Protection started successfully
02:35:21 CeroZ MESSAGE Scheduled update executed successfully
02:35:49 CeroZ MESSAGE IP Protection stopped
02:35:50 CeroZ MESSAGE Database updated successfully
02:35:51 CeroZ MESSAGE IP Protection started successfully
02:40:38 CeroZ MESSAGE Protection started successfully
02:40:42 CeroZ MESSAGE IP Protection started successfully
02:47:49 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49169, Process: svchost.exe)
02:55:27 CeroZ MESSAGE IP Protection stopped
02:55:42 CeroZ MESSAGE IP Protection started successfully
02:56:21 CeroZ IP-BLOCK 89.149.254.163 (Type: outgoing, Port: 49179, Process: bitcomet.exe)
03:01:03 CeroZ IP-BLOCK 68.168.212.18 (Type: outgoing, Port: 49186, Process: svchost.exe)
03:09:36 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49187, Process: svchost.exe)
03:11:04 CeroZ IP-BLOCK 68.168.212.20 (Type: outgoing, Port: 49188, Process: svchost.exe)
03:20:57 CeroZ IP-BLOCK 68.168.212.19 (Type: outgoing, Port: 49190, Process: svchost.exe)
03:30:59 CeroZ IP-BLOCK 68.168.212.21 (Type: outgoing, Port: 49205, Process: svchost.exe)
03:32:19 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49206, Process: svchost.exe)
03:41:01 CeroZ IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49214, Process: svchost.exe)
07:03:38 CeroZ MESSAGE Protection started successfully
07:03:41 CeroZ MESSAGE IP Protection started successfully
07:04:29 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49184, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49185, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49186, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49187, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49188, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49189, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49190, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49191, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49192, Process: firefox.exe)
07:04:29 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49193, Process: firefox.exe)
07:25:18 CeroZ MESSAGE Protection started successfully
07:25:21 CeroZ MESSAGE IP Protection started successfully
07:33:00 CeroZ MESSAGE Protection started successfully
07:33:04 CeroZ MESSAGE IP Protection started successfully
07:39:46 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49324, Process: svchost.exe)
07:45:32 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49346, Process: svchost.exe)
07:45:48 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49348, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49349, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49350, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49351, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49353, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49354, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49357, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49358, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49359, Process: firefox.exe)
07:45:48 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49360, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49361, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49362, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49363, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49364, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49365, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49366, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49367, Process: firefox.exe)
07:45:49 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49368, Process: firefox.exe)
07:46:13 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49384, Process: firefox.exe)
07:46:13 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49385, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49386, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49387, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49388, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49389, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49390, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49391, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49392, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49393, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49394, Process: firefox.exe)
07:46:29 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49395, Process: firefox.exe)
17:07:25 CeroZ MESSAGE Protection started successfully
17:07:28 CeroZ MESSAGE IP Protection started successfully
17:14:37 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49180, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49181, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49182, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49183, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49184, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49185, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49186, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49187, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49188, Process: firefox.exe)
17:14:37 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49189, Process: firefox.exe)
17:14:45 CeroZ IP-BLOCK 62.122.75.136 (Type: outgoing, Port: 49190, Process: svchost.exe)
17:14:45 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49191, Process: svchost.exe)
17:14:53 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49192, Process: firefox.exe)
17:14:53 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49193, Process: firefox.exe)
17:14:53 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49194, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49195, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49196, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49197, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49198, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49199, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49200, Process: firefox.exe)
17:14:54 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49201, Process: firefox.exe)
17:20:57 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49273, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49274, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49275, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49276, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49277, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49278, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49279, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49280, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49281, Process: iexplore.exe)
17:20:58 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49282, Process: iexplore.exe)
17:27:55 CeroZ IP-BLOCK 68.168.212.18 (Type: outgoing, Port: 49299, Process: svchost.exe)
17:29:31 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49489, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49490, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49491, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49492, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49493, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49494, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49495, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49496, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49497, Process: firefox.exe)
17:29:31 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49498, Process: firefox.exe)
17:29:55 CeroZ IP-BLOCK 62.122.75.136 (Type: outgoing, Port: 49503, Process: svchost.exe)
17:29:55 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49504, Process: svchost.exe)
17:34:20 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49579, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49580, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49581, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49582, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49583, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49584, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49585, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49586, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49587, Process: firefox.exe)
17:34:20 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49588, Process: firefox.exe)
17:34:44 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49598, Process: firefox.exe)
17:34:44 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49599, Process: firefox.exe)
17:34:44 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49600, Process: firefox.exe)
17:34:44 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49601, Process: firefox.exe)
17:34:44 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49602, Process: firefox.exe)
17:34:44 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49603, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49604, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49605, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49606, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49607, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49608, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 194.60.205.233 (Type: outgoing, Port: 49609, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49610, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49611, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49612, Process: firefox.exe)
17:34:45 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49613, Process: firefox.exe)
17:34:53 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49614, Process: firefox.exe)
17:34:53 CeroZ IP-BLOCK 91.200.240.31 (Type: outgoing, Port: 49615, Process: firefox.exe)
17:34:53 CeroZ IP-BLOCK 194.60.205.234 (Type: outgoing, Port: 49616, Process: firefox.exe)
17:34:53 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49617, Process: firefox.exe)
17:37:57 CeroZ IP-BLOCK 68.168.212.20 (Type: outgoing, Port: 49619, Process: svchost.exe)
17:47:59 CeroZ IP-BLOCK 68.168.212.19 (Type: outgoing, Port: 49638, Process: svchost.exe)
17:51:51 CeroZ IP-BLOCK 62.122.75.136 (Type: outgoing, Port: 49648, Process: svchost.exe)
17:51:51 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49649, Process: svchost.exe)
17:57:53 CeroZ IP-BLOCK 68.168.212.21 (Type: outgoing, Port: 49674, Process: svchost.exe)
18:07:56 CeroZ IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49690, Process: svchost.exe)
18:20:24 CeroZ MESSAGE Protection started successfully
18:20:27 CeroZ MESSAGE IP Protection started successfully
18:29:18 CeroZ MESSAGE Protection started successfully
18:29:22 CeroZ MESSAGE IP Protection started successfully
18:36:59 CeroZ IP-BLOCK 62.122.75.136 (Type: outgoing, Port: 49223, Process: svchost.exe)
18:36:59 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49224, Process: svchost.exe)
---------------------------------------------------------------------------------------------------------
It is very annoying, and IE errors / Firefox 4 will not open.

I have attached the following files:
Attached File  IE error.JPG
Attached File  Attach.txt
Attached File  DDS.txt


The Gmer scan log is only partial; I stopped it and am running a second scan, so it cannot be attached for your review.

Malware Response Team, please help me look into this.

Thanks in advance.
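Two different things are mixed together in the log above, and separating them is the first triage step. The firefox.exe and iexplore.exe blocks arrive in bursts of ten within the same second, always to the same six addresses (91.200.240.29-31 and 194.60.205.232-234), which is what a page redirect or an embedded script being blocked looks like. The svchost.exe blocks are different: a system process reaching a small pool of external addresses (68.168.212.18-21, 62.122.75.136/138, 91.212.226.6) roughly every ten minutes, rotating through the pool, which is the shape of a bot checking in with its controller. The following Python is an added example, not from the post and not Malwarebytes code, that parses the MBAM protection-log format shown above, counts blocks per process and destination, and scores each (process, /24) pair for a fixed-period cadence. The embedded sample is a subset of the lines from the post; the 600-second period, the 30-second tolerance and the 0.5 cut-off are assumptions chosen for the example.

```python
import re
from collections import Counter

# Constructed sample: a subset of the MBAM protection-log lines from the post
# above (svchost.exe lines kept, most browser bursts dropped for brevity).
SAMPLE_LOG = """\
01:09:54 CeroZ MESSAGE Protection started successfully
01:09:58 CeroZ MESSAGE IP Protection started successfully
01:24:32 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49263, Process: svchost.exe)
01:29:05 CeroZ IP-BLOCK 194.60.205.232 (Type: outgoing, Port: 49292, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.30 (Type: outgoing, Port: 49293, Process: firefox.exe)
01:29:05 CeroZ IP-BLOCK 91.200.240.29 (Type: outgoing, Port: 49295, Process: firefox.exe)
01:37:47 CeroZ IP-BLOCK 68.168.212.18 (Type: outgoing, Port: 49550, Process: svchost.exe)
01:47:50 CeroZ IP-BLOCK 68.168.212.20 (Type: outgoing, Port: 49879, Process: svchost.exe)
02:23:06 CeroZ MESSAGE Protection started successfully
02:47:49 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49169, Process: svchost.exe)
02:56:21 CeroZ IP-BLOCK 89.149.254.163 (Type: outgoing, Port: 49179, Process: bitcomet.exe)
03:01:03 CeroZ IP-BLOCK 68.168.212.18 (Type: outgoing, Port: 49186, Process: svchost.exe)
03:09:36 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49187, Process: svchost.exe)
03:11:04 CeroZ IP-BLOCK 68.168.212.20 (Type: outgoing, Port: 49188, Process: svchost.exe)
03:20:57 CeroZ IP-BLOCK 68.168.212.19 (Type: outgoing, Port: 49190, Process: svchost.exe)
03:30:59 CeroZ IP-BLOCK 68.168.212.21 (Type: outgoing, Port: 49205, Process: svchost.exe)
03:32:19 CeroZ IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49206, Process: svchost.exe)
03:41:01 CeroZ IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49214, Process: svchost.exe)
"""

# One IP-BLOCK line of the MBAM 1.x protection log; MESSAGE lines do not match.
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>\S+) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def _to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def parse_blocks(text):
    """Return one dict per IP-BLOCK line, in log order (assumed chronological, one day)."""
    entries = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["port"] = int(d["port"])
        d["process"] = d["process"].lower()
        d["seconds"] = _to_seconds(d["time"])
        entries.append(d)
    return entries


def blocks_per_process_and_ip(entries):
    """How many times each (process, destination IP) pair was blocked."""
    return Counter((e["process"], e["ip"]) for e in entries)


def destinations(entries, process):
    """Distinct destination IPs a process tried to reach, in first-seen order."""
    seen = []
    for e in entries:
        if e["process"] == process and e["ip"] not in seen:
            seen.append(e["ip"])
    return seen


def intervals(entries, process, ip_prefix=""):
    """Seconds between consecutive blocks for one process, optionally one IP prefix."""
    times = [e["seconds"] for e in entries
             if e["process"] == process and e["ip"].startswith(ip_prefix)]
    return [b - a for a, b in zip(times, times[1:])]


def periodicity(gaps, period, tolerance):
    """Fraction of gaps within period +/- tolerance seconds; 0.0 with fewer than two events."""
    if not gaps:
        return 0.0
    return sum(1 for g in gaps if abs(g - period) <= tolerance) / len(gaps)


def slash24(ip):
    return ip.rsplit(".", 1)[0]


def beaconing_groups(entries, period=600, tolerance=30, min_score=0.5):
    """Map (process, /24) -> periodicity score for groups that look like a beacon.

    Grouping by /24 catches a controller that rotates through a pool of hosts.
    Browser page-load bursts (several blocks in the same second) give zero-length
    gaps, which are dropped so they neither help nor hurt the score.
    """
    groups = {}
    for proc, net in sorted({(e["process"], slash24(e["ip"])) for e in entries}):
        gaps = [g for g in intervals(entries, proc, net + ".") if g > 0]
        score = periodicity(gaps, period, tolerance)
        if score >= min_score:
            groups[(proc, net)] = score
    return groups


if __name__ == "__main__":
    entries = parse_blocks(SAMPLE_LOG)
    for (proc, ip), n in sorted(blocks_per_process_and_ip(entries).items()):
        print(f"{proc:14} {ip:16} {n} block(s)")
    for (proc, net), score in beaconing_groups(entries).items():
        print(f"beacon-shaped: {proc} -> {net}.0/24  periodicity={score:.2f}")
```

On the sample, the only group that clears the cut-off is svchost.exe toward 68.168.212.0/24, with a score of 0.8: four of its five gaps are 593 to 603 seconds, and the one miss is the gap across the restart at 02:23. Run over the full log in the post the picture is the same, with the misses again being the gaps across reboots. A fixed cadence like that from a system process, with nothing in the browser to explain it, is the lead to chase in the DDS and GMER logs rather than a reason to keep whitelisting addresses.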

#2 ktfyellow

Posted 01 April 2011 - 07:15 AM

Hello

Here is the HijackThis log, to help see whether it is malware or not and how to fix it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:49:04, on 1/4/2554
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.garena.com/portal/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [USB Gamepad] C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
O4 - HKLM\..\Run: [BackupAndRecoveryMonitor.exe] C:\Program Files\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Common Files\Acronis\Timounter\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrayMonitor.exe] C:\Program Files\Acronis\TrayMonitor\TrayMonitor.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [DES2] C:\Program Files\GIGABYTE\EnergySaver2\des2.exe state
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1980545696-790248459-1326945974-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Acronis Agent User')
O4 - HKUS\S-1-5-21-1980545696-790248459-1326945974-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Acronis Agent User')
O8 - Extra context menu item: ดาวน์ฺโหลดด้วย BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: ดาวน์โหลดทั้งหมดด้วย BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: ดาวน์โหลดวิดีโอทั้งหมดด้วย BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll/206 (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Acronis Managed Machine Service (MMS) - Acronis - C:\Program Files\Acronis\BackupAndRecovery\mms.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

--
End of file - 7510 bytes

DDS Log
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by CeroZ at 18:31:41.90 on Fri 04/01/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.874.66.1033.18.3579.3070 [GMT 7:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\CeroZ\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.garena.com/portal/
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - c:\program files\devicevm\browser configuration utility\IEHelper.dll
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [BitComet] "c:\program files\bitcomet\BitComet.exe" /tray
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [USB Gamepad] c:\windows\usb vibration\dr100&110\USB Gamepad.exe -boot
mRun: [BackupAndRecoveryMonitor.exe] c:\program files\acronis\backupandrecovery\BackupAndRecoveryMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\common files\acronis\timounter\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [TrayMonitor.exe] c:\program files\acronis\traymonitor\TrayMonitor.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [DES2] c:\program files\gigabyte\energysaver2\des2.exe state
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: ดาวน์ฺโหลดด้วย BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: ดาวน์โหลดทั้งหมดด้วย BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: ดาวน์โหลดวิดีโอทั้งหมดด้วย BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.1.27.dll/206
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ceroz\appdata\roaming\mozilla\firefox\profiles\5sbf19e9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.th
FF - component: c:\users\ceroz\appdata\roaming\mozilla\firefox\profiles\5sbf19e9.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-4-28 185344]
S2 AcronisAgent;Acronis Remote Agent;c:\program files\common files\acronis\agent\agent.exe [2009-11-27 1865560]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-24 176128]
S2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-4-28 212232]
S2 DES2 Service;DES2 Service for Energy Saving.;c:\program files\gigabyte\energysaver2\des2svr.exe [2010-4-28 68136]
S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-1 363344]
S2 MMS;Acronis Managed Machine Service;c:\program files\acronis\backupandrecovery\mms.exe [2009-11-27 4285664]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe [2010-4-28 102400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 GarenaPEngine;GarenaPEngine;c:\users\ceroz\appdata\local\temp\OHU6FAC.tmp [2010-4-29 25616]
S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2010-4-29 41272]
S3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [2010-4-29 43192]
S3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [2010-4-29 40856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-1 20952]
.
=============== Created Last 30 ================
.
2011-04-01 10:40:53 -------- d-----w- c:\users\ceroz\appdata\roaming\Malwarebytes
2011-04-01 10:40:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 10:40:46 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-01 10:40:43 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-01 10:40:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-04-01 10:36:31 17488 ----a-w- c:\windows\gdrv.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD5000AADS-00S9B0 rev.01.00A01 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85D7F439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85d857d0]; MOV EAX, [0x85d8584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x8207E458] -> \Device\Harddisk0\DR0[0x85D57690]
3 CLASSPNP[0x8C06859E] -> ntkrnlpa!IofCallDriver[0x8207E458] -> [0x84CC5608]
5 ACPI[0x8B8AD3B2] -> ntkrnlpa!IofCallDriver[0x8207E458] -> \IdeDeviceP0T0L0-0[0x85697908]
\Driver\atapi[0x85D68B50] -> IRP_MJ_CREATE -> 0x85D7F439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD5000AADS-00S9B0___________________01.00A01#5&31875f92&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 18:32:04.07 ===============

Gmer Log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-01 18:37:22
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: gw4kt9zq.exe; Driver: C:\Users\CeroZ\AppData\Local\Temp\awloyaob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82085579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820A9F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\CeroZ\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 0053000A
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 005A000A
.text C:\Windows\system32\svchost.exe[856] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[856] ole32.dll!CoCreateInstance 75C557FC 5 Bytes JMP 0073000A
.text C:\Windows\system32\svchost.exe[856] USER32.dll!GetCursorPos 75E7C198 5 Bytes JMP 0075000A
.text C:\Windows\system32\svchost.exe[856] USER32.dll!GetForegroundWindow 75E8565D 5 Bytes JMP 0077000A
.text C:\Windows\system32\svchost.exe[856] USER32.dll!WindowFromPoint 75EA6D0C 5 Bytes JMP 0076000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[932] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 0058000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[932] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 005A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[932] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 0053000A
.text C:\Windows\Explorer.EXE[1412] ntdll.dll!NtProtectVirtualMemory 77345360 5 Bytes JMP 005C000A
.text C:\Windows\Explorer.EXE[1412] ntdll.dll!NtWriteVirtualMemory 77345EE0 5 Bytes JMP 005D000A
.text C:\Windows\Explorer.EXE[1412] ntdll.dll!KiUserExceptionDispatcher 77346448 5 Bytes JMP 005B000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD5000AADS-00S9B0___________________01.00A01#5&31875f92&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1413667816\Groups@-\16-\16\37\16D\16%\16\31\16L\16 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
Attached files: hijackthis.log (7.33KB), DDS.txt (9.39KB), Attach.txt (8KB), gmer.log (6.85KB)

Edited by Orange Blossom, 01 April 2011 - 10:50 AM.
Merged topics. ~ OB


#3 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:08:07 AM

Posted 02 April 2011 - 04:01 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
P2P - I see you have P2P software (BitComet) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#4 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:08:07 AM

Posted 07 April 2011 - 10:11 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
