What the Tech: We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions.
Post #1 - Oct 5 2008, 12:15 PM
New Member - Group: New Member; Posts: 9; Joined: 5-October 08; Member No.: 81,823; Operating System: Win XP HE SP3
Hi, please help, I've tried everything and I can't find the source of the problem. I'd rather not reinstall the system/format the HDD. I will try to describe my problem in as much detail as possible and I will add the HijackThis and ComboFix logs. For your help, TIA.

WHAT'S THE PROBLEM: I've got a problem with my ASUS F7E notebook running Win XP HE SP3. I cannot browse any web pages, in either IE or Firefox. The connection is being reset during negotiation (this is what Firefox says). All the other services work fine (Windows updates, ICQ, ping etc.). It's just HTTP, HTTPS and FTP that I cannot use (ports 80 and 21). This problem disappears when the system is run in emergency mode with network service.

WHAT HAPPENED: The notebook was infected by Win32:Monga (Trj). I used Norton Internet Security 2007 and an online scanner (the Polish MKS_Vir) to get rid of the infection. It deleted the infected files, but did not undo the changes made to the system. Therefore I could not open any local disk drives from My Computer (no matter what I selected - Open, Explore, Autorun - the system tried to use the infected e.com file to perform the action), or see any hidden or system files, regardless of Windows settings. I've heard that ComboFix solves these problems. After downloading ComboFix I disconnected the network cable from the laptop, uninstalled Norton Internet Security (since I had 5 days of subscription left) and rebooted the computer. Then I started ComboFix. At the end of the program (while generating the log file) a Catchme.tmp error occurred (the one with Send a report/Don't send). Nevertheless, after a while the program closed properly and the log file was generated (which I add at the end of this post). I restarted the computer, uninstalled ComboFix (Run -> ComboFix /u) and deleted the QooBox folder. I installed Avast antivirus, ran Trojan Remover and ATF Cleaner, and updated the system from SP2 to SP3. All the problems caused by Monga were fixed. However, a new one appeared: the one with browsing the web... I've tried everything.
Checked all the network settings and browser settings, turned off Windows Firewall (after uninstalling Norton IS this is the only one left in the system), tried installing a new browser (Opera), tried another network (WiFi). I still can't open any web pages. I'm thinking of reinstalling the network drivers and IE. Do you think it might help? I did all of these actions (except for uninstalling Norton IS) on my other notebook (Toshiba Satellite S2450-S203), also infected by Monga, and everything is OK on that one. The problems were fixed and the network works fine.

ComboFix log:

ComboFix 08-10-01.02 - Bartek 2008-10-04 20:20:54.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1540 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Bartek\Moje dokumenty\Bluetooth\SharedFolder\ComboFix.exe
[color=red][b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b][/color]
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-04 do 2008-10-04 )))))))))))))))))))))))))))))))
.
2008-10-04 18:15 . 2008-10-04 18:15 <DIR> d-------- C:\Program Files\Opera
2008-10-04 13:29 . 2008-10-04 13:29 <DIR> d-------- C:\WINDOWS\system32\pl
2008-10-04 13:29 . 2008-10-04 13:29 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-04 13:29 . 2008-10-04 13:29 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-04 13:28 . 2008-10-04 13:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-04 13:23 . 2008-10-04 13:23 <DIR> d-------- C:\WINDOWS\EHome
2008-10-04 13:11 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-10-04 13:09 . 2008-10-04 13:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-10-04 12:21 . 2008-10-04 12:21 <DIR> d-------- C:\Program Files\Alwil Software
2008-10-04 11:41 . 2008-10-04 11:41 <DIR> d-------- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-10-04 11:33 . 2008-10-04 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-04 11:29 . 2008-10-04 11:29 <DIR> d-------- C:\Program Files\Trojan Remover
2008-10-03 23:09 . 2008-10-03 23:09 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-10-03 23:07 . 2008-10-03 23:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-03 22:33 . 2008-10-03 22:33 <DIR> d-------- C:\Program Files\SkanerOnline
2008-10-03 08:15 . 2004-08-03 22:41 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2008-10-03 08:15 . 2004-08-03 22:29 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2008-10-03 08:15 . 2004-08-03 22:29 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2008-10-03 08:15 . 2004-08-03 22:29 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2008-10-03 08:15 . 2004-08-03 22:29 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2008-10-03 08:15 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-10-03 08:07 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-03 08:07 . 2008-06-14 19:36 273,024 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-03 08:06 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-03 08:05 . 2008-04-11 21:06 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-03 08:05 . 2008-05-01 16:37 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-02 10:14 . 2008-10-02 10:14 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\Gadu-Gadu
2008-10-02 10:13 . 2008-10-02 10:13 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-10-02 10:13 . 2008-10-02 10:13 <DIR> d-------- C:\Documents and Settings\Bartek\Gadu-Gadu
2008-10-01 23:40 . 2008-10-01 23:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-10-01 23:37 . 2008-10-01 23:37 <DIR> d-------- C:\totalcmd
2008-10-01 23:37 . 2008-10-02 12:10 677 --a------ C:\WINDOWS\wincmd.ini
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF
2008-10-01 23:37 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF
2008-10-01 21:55 . 2008-10-01 21:55 <DIR> d-------- C:\Program Files\Team17
2008-10-01 19:44 . 2008-10-01 19:44 <DIR> d---s---- C:\Documents and Settings\Bartek\UserData
2008-10-01 18:39 . 2008-10-01 18:39 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-09-16 21:00 . 2008-09-16 21:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-09-16 21:00 . 2008-09-16 21:00 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-16 20:58 . 2008-09-16 20:58 <DIR> dr-h----- C:\MSOCache
2008-09-16 15:07 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-09-16 15:07 . 2008-09-16 21:01 649 --a------ C:\WINDOWS\ODBC.INI
2008-09-13 16:39 . 2008-10-04 20:22 45,056 --a------ C:\WINDOWS\system32\acovcnt.exe
2008-09-12 22:00 . 2008-09-12 22:00 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\DivX
2008-09-11 22:53 . 2008-09-11 22:53 <DIR> d-------- C:\Program Files\Codec
2008-09-09 12:04 . 2008-09-09 12:04 <DIR> d-------- C:\Documents and Settings\Bartek\Dane aplikacji\SmarThru4
2008-09-09 12:04 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-09-09 12:03 . 2008-09-09 12:03 <DIR> d-------- C:\Program Files\Common Files\SRC Shared
2008-09-09 12:02 . 2008-09-09 12:02 <DIR> d-------- C:\Program Files\SmarThru 4
2008-09-09 12:02 . 2008-09-09 12:02 <DIR> d-------- C:\Program Files\Readiris10
2008-09-09 12:01 . 2008-09-09 12:01 <DIR> d-------- C:\WINDOWS\Samsung
2008-09-09 12:01 . 2007-12-12 04:11 479,232 --a------ C:\WINDOWS\ssndii.exe
2008-09-09 12:01 . 2007-01-12 11:49 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-09 12:01 . 2007-01-12 11:49 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
2008-09-09 11:59 . 2007-01-26 10:03 151,552 --a------ C:\WINDOWS\system32\cx21sci.exe
2008-09-09 11:59 . 2007-01-26 10:03 65,536 --a------ C:\WINDOWS\system32\cx21sci.dll
2008-09-09 11:59 . 2007-01-26 10:03 22,723 --a------ C:\WINDOWS\system32\cx21sl3.dll
2008-09-09 11:59 . 2007-01-17 11:23 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
2008-09-09 11:59 . 2007-01-26 10:03 361 --a------ C:\WINDOWS\system32\cx21sl3.smt
2008-09-09 11:58 . 2007-12-12 04:12 110,592 -ra------ C:\WINDOWS\WiaInst.exe
2008-09-09 11:58 . 2007-03-19 06:11 94,208 -ra------ C:\WINDOWS\system32\WIAIPH.dll
2008-09-09 11:58 . 2007-03-19 06:11 86,016 -ra------ C:\WINDOWS\system32\WIAEH.dll
2008-09-09 11:58 . 2007-03-19 06:11 69,632 -ra------ C:\WINDOWS\system32\Sswiadrv.dll
2008-09-09 11:58 . 2007-03-19 06:11 57,344 -ra------ C:\WINDOWS\system32\WIASTIIO.dll
2008-09-09 11:58 . 2007-01-19 05:52 57,344 --a------ C:\WINDOWS\system32\Ssdevm.dll
2008-09-09 11:58 . 2007-01-16 04:44 49,152 --a------ C:\WINDOWS\system32\Ssusbpn.dll
2008-09-09 11:58 . 2007-03-19 06:11 36,864 -ra------ C:\WINDOWS\system32\Ssuiext.dll
2008-09-09 11:58 . 2007-01-16 04:47 7,409 -ra------ C:\WINDOWS\system32\WIAUISTR.loc
2008-09-09 11:57 . 2008-09-09 11:57 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
2008-09-09 11:57 . 2008-09-09 11:57 <DIR> d-------- C:\Program Files\Samsung
2008-09-09 11:57 . 2007-01-17 11:25 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-09-09 11:56 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-07 19:40 . 2008-09-07 19:40 2,656 --a------ C:\XXL Polnoc.p10
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 17:17 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-01 17:17 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-01 17:17 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-01 17:17 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-27 09:29 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-08-27 09:29 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-08-23 19:05 --------- d-----w C:\Documents and Settings\Bartek\Dane aplikacji\CyberLink
2008-08-14 21:15 --------- d-----w C:\Program Files\MarBit
2008-08-14 17:13 --------- d-----w C:\Program Files\Real
2008-08-14 17:13 --------- d-----w C:\Program Files\Common Files\xing shared
2008-08-14 17:13 --------- d-----w C:\Program Files\Common Files\Real
2008-07-25 07:36 524,288 ----a-w C:\WINDOWS\system32\divxsm.exe
2008-07-25 07:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 07:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 15:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-15 07:54 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdu.DAT
2008-07-14 21:29 20 ---h--w C:\Documents and Settings\All Users\Dane aplikacji\PKP_DLdw.DAT
2008-07-14 19:51 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:29 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 17:08 143360 --a------ C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="C:\WINDOWS\ASScrPro.exe" [2008-07-01 33136]
"ASUS Camera ScreenSaver"="C:\WINDOWS\ASScrProlog.exe" [2008-07-01 37232]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-07 61440]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2007-11-13 851968]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-14 180269]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-16 815104]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-25 630784]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2007-12-12 524288]
"RemoteControl"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe" [2008-04-02 87336]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"PowerForPhone"="C:\Program Files\P4P\P4P.exe" [2007-07-19 778240]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-12 137752]
"LanguageShortcut"="C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe" [2008-02-22 62760]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-12 141848]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-12 166424]
"ATKOSD2"="C:\Program Files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"ATKHOTKEY"="C:\Program Files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"SkyTel"="SkyTel.EXE" [2007-10-11 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-08-02 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bartek^Menu Start^Programy^Autostart^Nikon Monitor.lnk]
path=C:\Documents and Settings\Bartek\Menu Start\Programy\Autostart\Nikon Monitor.lnk
backup=C:\WINDOWS\pss\Nikon Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 23:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d678a9e2-51ee-11dd-ab58-001fc6e734df}]
\Shell\AutoRun\command - F:\e.com
\Shell\explore\Command - F:\e.com
\Shell\open\Command - F:\e.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6efc858-841d-11dd-abc1-001fc6e734df}]
\Shell\AutoRun\command - F:\e.com
\Shell\explore\Command - F:\e.com
\Shell\open\Command - F:\e.com

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Bartek\Dane aplikacji\Mozilla\Firefox\Profiles\9yyx22v6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://onet.pl/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 20:22:29
Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-10-04 20:23:14
ComboFix-quarantined-files.txt 2008-10-04 18:23:02
Przed: 124,747,677,696 bajtów wolnych
Po: 124,736,176,128 bajtów wolnych
237 --- E O F --- 2008-10-04 11:45:27

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:32:04, on 2008-10-04
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\ASScrPro.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\P4P\P4P.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9142 bytes

Please help me.

This post has been edited by kamkam1: Oct 5 2008, 12:59 PM
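Two things in the ComboFix log above are worth recognising on sight in a case like this: the MountPoints2 shell verbs (AutoRun, open, explore) redirected to F:\e.com, which is exactly why opening a drive from My Computer launched the infected file instead of showing the drive, and the Security Center and firewall settings (FirewallOverride, DisableMonitoring, EnableFirewall=0) that silence the warnings a user would otherwise get. The Python script below is an added example, not ComboFix's, HijackThis's or the poster's own code. It is a read-only triage helper that parses a constructed excerpt in the shape ComboFix prints (the sample lines are copied from the log above) and reports both kinds of entry; the regular expressions are assumptions based on that output style, and the script changes nothing on the machine.

```python
r"""Read-only triage helper for ComboFix-style log excerpts.

Added example (not ComboFix's, HijackThis's or the poster's own code).
It assumes the line shapes seen in the posted log: "[key]" headers,
"\Shell\<verb>\command - <path>" lines under MountPoints2 keys, and
"name"=dword:... / "EnableFirewall"= 0 value lines.
"""
import re
from typing import Dict, Iterator, List, Tuple

# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d678a9e2-51ee-11dd-ab58-001fc6e734df}]
\Shell\AutoRun\command - F:\e.com
\Shell\explore\Command - F:\e.com
\Shell\open\Command - F:\e.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6efc858-841d-11dd-abc1-001fc6e734df}]
\Shell\AutoRun\command - F:\e.com
\Shell\explore\Command - F:\e.com
\Shell\open\Command - F:\e.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# \Shell\<verb>\command - <target>; ComboFix mixes "command" and "Command".
SHELL_VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>\w+)\\command\s*-\s*(?P<target>\S.*?)\s*$", re.IGNORECASE)
# Security Center switches that suppress AV/firewall status warnings.
SC_FLAG_RE = re.compile(
    r'^"(?P<name>FirewallOverride|DisableMonitoring)"\s*=\s*dword:0*1$', re.IGNORECASE)
FW_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.IGNORECASE)


def iter_values(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (current registry key, value line) for each non-blank line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif key is not None:
            yield key, line


def find_mountpoint_hijacks(text: str) -> List[Dict[str, str]]:
    """MountPoints2 shell verbs pointing at a file: the autorun-worm residue that
    made Open/Explore/AutoRun on a drive launch e.com instead of opening the drive."""
    hits = []
    for key, line in iter_values(text):
        if "mountpoints2" not in key.lower():
            continue
        m = SHELL_VERB_RE.match(line)
        if m:
            hits.append({
                "volume": key.rsplit("\\", 1)[-1],   # the {GUID} of the affected volume
                "verb": m.group("verb"),
                "target": m.group("target"),
            })
    return hits


def find_security_center_tampering(text: str) -> List[str]:
    """Settings that hide missing AV/firewall protection or turn the firewall off."""
    findings = []
    for key, line in iter_values(text):
        k = key.lower()
        m = SC_FLAG_RE.match(line)
        if "security center" in k and m:
            findings.append(f"{key}: {m.group('name')}=1 (status warnings suppressed)")
        elif "firewallpolicy" in k and FW_OFF_RE.match(line):
            findings.append(f"{key}: EnableFirewall=0 (Windows Firewall off for this profile)")
    return findings


def triage(text: str) -> Dict[str, list]:
    """Collect both kinds of finding so a helper sees at a glance what still needs cleanup."""
    return {
        "mountpoint_hijacks": find_mountpoint_hijacks(text),
        "security_tampering": find_security_center_tampering(text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for hit in report["mountpoint_hijacks"]:
        print(f"MountPoints2 {hit['volume']} {hit['verb']} -> {hit['target']}")
    for finding in report["security_tampering"]:
        print(finding)
```

Run it against a saved ComboFix log by passing the file's text to triage(); every MountPoints2 verb still pointing at a file on a drive letter, and every suppressed Security Center or disabled firewall setting, is listed so it can be checked and undone after the malware itself is gone. The parser deliberately keys off the registry key path rather than the file name e.com, so it also catches the same redirection aimed at a differently named file.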
Post #2 - Oct 5 2008, 01:01 PM
Forum God - Group: Root Admin; Posts: 39,205; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Post #3 - Oct 5 2008, 01:15 PM
New Member - Group: New Member; Posts: 9; Joined: 5-October 08; Member No.: 81,823; Operating System: Win XP HE SP3
Well, I will keep this in mind for the future.
But if the problem did occur, does anyone know a way to fix it?
Post #4 - Oct 5 2008, 01:22 PM
Forum God - Group: Root Admin; Posts: 39,205; Joined: 23-September 04; From: Missouri, USA; Member No.: 15,276
Are you able to download?

If so, do this: Stay with this topic until I give you the all clean post. You might want to print these instructions out.

I suggest you do this:
Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
(If you use FireFox or the Opera browser, to keep saved passwords, click No at the prompt.)
It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.

Next: Please download Malwarebytes' Anti-Malware to your desktop.

Also "copy/paste" a new HijackThis log file into this thread.
Also please describe how your computer behaves at the moment.

If not, try this:
1. Click Start.
2. Point to All Programs.
3. Point to Accessories.
4. Point to System Tools.
5. Click System Restore.
6. Follow the instructions on the wizard.
See if you can find a date when the PC worked.