
Discussion Starter #1
Greetings from Poland.

Overall situation: the PC is 4 months old. I had no problems during this time. 3 days ago I returned from a 3-week holiday. There is a possibility that during this time my PC was used by the rest of my family, but I can't say that for sure.

Problem: the PC starts fine, but after opening too many programs (Winamp, Opera, and for example two additional ones) or playing games for some time, a strange thing happens.

I'm not able to launch anything from the start-up tab, nor open a new Windows Explorer window, nor close programs (in fact I can close them, but the last visible window stays on the desktop). Another thing is that the desktop freezes, so I'm not able to refresh it, nor start anything from desktop shortcuts, nor shut down Windows properly (the only option is to press the power button, which makes Windows shut down properly). Apart from that, the hotkeys on my keyboard work perfectly, so I can launch Winamp from a hotkey but not from a shortcut.

The main issue is this freezing desktop, because even though I cannot launch anything, the PC keeps running underneath this frozen desktop, so I can still hear that Winamp is playing and things like that. The second problem is a possible Virtumonde application.

Before posting this I read and did your 5-step walkthrough.

Thanks for any help.

Here are the logs from ComboFix and HijackThis (Panda ActiveScan: I tried to run it 3 times, it always stops at 90%) (ComboFix is additional, but hey, you probably need it anyway).

ComboFix:

ComboFix 08-08-12.01 - tomv1 2008-08-13 14:41:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1538 [GMT 2:00]
Running from: D:\instalki programow\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf31a26a2.txt
C:\WINDOWS\BMf31a26a2.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aoixxneq.dll
C:\WINDOWS\system32\aoqppanv.ini
C:\WINDOWS\system32\bouybjct.ini
C:\WINDOWS\system32\cuupxgpw.ini
C:\WINDOWS\system32\enbkcrwp.dll
C:\WINDOWS\system32\exwfqnbn.ini
C:\WINDOWS\system32\fdnrniae.dll
C:\WINDOWS\system32\ikTAdMoq.ini
C:\WINDOWS\system32\ikTAdMoq.ini2
C:\WINDOWS\system32\lievfgvw.ini
C:\WINDOWS\system32\lnlsmylc.dll
C:\WINDOWS\system32\luultged.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mydlfprn.ini
C:\WINDOWS\system32\owfjbsfj.dll
C:\WINDOWS\system32\qoMdATki.dll
C:\WINDOWS\system32\rxiqsjuo.ini
C:\WINDOWS\system32\ssobbkqu.ini
C:\WINDOWS\system32\tmfytduc.ini
C:\WINDOWS\system32\uioecykc.ini
C:\WINDOWS\system32\uqqslkcd.ini
C:\WINDOWS\system32\urfblyls.dll
C:\WINDOWS\system32\urmqarih.dll
C:\WINDOWS\system32\vxjusmme.dll
C:\WINDOWS\system32\wpgxpuuc.dll
C:\WINDOWS\system32\wvgfveil.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-12 19:14 . 2008-08-12 19:14 2,048 --a------ C:\WINDOWS\system32\yaatbhlg.exe
2008-08-11 17:49 . 2008-08-11 17:49 2,048 --a------ C:\WINDOWS\system32\upjuifwl.exe
2008-08-11 16:45 . 2008-08-11 16:47 <DIR> d-------- C:\WINDOWS\NV34923508.TMP
2008-08-11 16:20 . 2007-06-28 18:43 17,254 --a------ C:\WINDOWS\system32\nvwsapps.nvb
2008-08-11 16:19 . 2008-08-11 16:23 <DIR> d-------- C:\WINDOWS\NV1100804.TMP
2008-08-11 16:16 . 2008-08-11 16:15 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-08-11 16:15 . 2008-08-11 16:33 <DIR> d-------- C:\Program Files\GameFace Messenger
2008-08-11 15:55 . 2008-08-11 16:11 <DIR> d-------- C:\Program Files\Debugging Tools for Windows (x86)
2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 12:14 . 2008-07-20 12:41 <DIR> d-------- C:\Documents and Settings\tomv1\Dane aplikacji\Mp3tag
2008-07-18 14:48 . 2008-07-18 14:48 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-07-14 21:15 . 2007-03-16 10:19 5,174 -ra------ C:\WINDOWS\system32\nppt9x.vxd
2008-07-14 21:15 . 2007-03-16 10:19 4,682 -ra------ C:\WINDOWS\system32\npptNT2.sys
2008-07-14 18:15 . 2008-07-14 18:15 <DIR> d-------- C:\Program Files\GraveLand.pl
2008-07-14 16:46 . 2008-07-14 16:46 <DIR> d-------- C:\Documents and Settings\tomv1\Dane aplikacji\MSN6
2008-07-14 16:46 . 2008-07-14 16:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\MSN6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 17:11 --------- d-----w C:\Documents and Settings\tomv1\Dane aplikacji\Xfire
2008-08-12 10:29 --------- d-----w C:\Program Files\Xfire
2008-08-11 14:40 --------- d-----w C:\Program Files\ASUS
2008-08-11 14:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-20 23:26 --------- d-----w C:\Documents and Settings\tomv1\Dane aplikacji\U3
2008-07-18 17:27 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-09 12:22 --------- d-----w C:\Documents and Settings\tomv1\Dane aplikacji\Azureus
2008-07-06 12:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2008-07-06 12:43 --------- d-----w C:\Documents and Settings\tomv1\Dane aplikacji\DAEMON Tools Pro
2008-07-04 07:47 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-04 07:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2008-07-04 07:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-04 07:36 25,600 ------w C:\WINDOWS\system32\cbXPiJyW.dll
2008-07-01 22:35 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-07-01 19:23 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-07-01 00:03 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-30 23:59 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2008-06-30 23:59 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2008-06-30 23:59 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2008-06-30 23:58 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-06-30 23:58 106,496 ----a-w C:\WINDOWS\DIIUnin.exe
2008-06-29 01:34 --------- d-----w C:\Documents and Settings\tomv1\Dane aplikacji\foobar2000
2008-06-27 11:31 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-27 11:31 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-27 11:09 --------- d-----w C:\Program Files\WinLauncherXP
2008-06-27 10:53 --------- d-----w C:\Program Files\Common Files\Futuremark Shared
2008-06-27 10:16 --------- d-----w C:\Program Files\OpenAL
2008-06-27 10:16 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-06-22 09:17 --------- d-----w C:\Program Files\Orban
2008-06-21 10:02 --------- d-----w C:\Documents and Settings\tomv1\Dane aplikacji\Ahead
2008-06-20 07:58 --------- d-----w C:\Program Files\Opera
2008-06-19 16:05 --------- d-----w C:\Program Files\ESET
2008-06-07 11:06 860,010 ----a-w C:\WINDOWS\Gadu+ 2.8 Universal Emoticons dla Konnekta Uninstaller.exe
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-04-07 11:46 22,328 ----a-w C:\Documents and Settings\tomv1\Dane aplikacji\PnkBstrK.sys
2008-03-15 13:14 65 ----a-w C:\Program Files\Common Files\appop.log
2000-01-01 00:00 23 --sh--r C:\WINDOWS\mtlid64s2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D554A583-D4CF-4A6F-B07A-CB25F60FA743}]
2008-07-04 09:36 25600 --------- C:\WINDOWS\system32\cbXPiJyW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Konnekt"="C:\Program Files\Konnekt\konnekt.exe" [2005-05-24 23:41 503808]
"DAEMON Tools Lite"="E:\programy\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"DAEMON Tools Pro Agent"="E:\programy\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 15:34 868352]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 14:44 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 11:05 1953792]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"RemoteControl"="E:\programy\dvd\PDVDServ.exe" [2005-12-07 23:57 30208]
"LanguageShortcut"="E:\programy\dvd\Language\Language.exe" [2006-09-29 22:58 49152]
"GrooveMonitor"="E:\programy\msoffice\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2006-07-25 21:07 151552]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"Acrobat Assistant 8.0"="E:\programy\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
"nwiz"="nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:44 15360]

C:\Documents and Settings\tomv1\Menu Start\Programy\Autostart\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-08-06 02:26:38 3065168]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D554A583-D4CF-4A6F-B07A-CB25F60FA743}"= "C:\WINDOWS\system32\cbXPiJyW.dll" [2008-07-04 09:36 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXPiJyW]
2008-07-04 09:36 25600 C:\WINDOWS\system32\cbXPiJyW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\programy\\msoffice\\Office12\\OUTLOOK.EXE"=
"E:\\programy\\msoffice\\Office12\\GROOVE.EXE"=
"E:\\programy\\msoffice\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Konnekt\\konnekt.exe"=
"E:\\programy\\DC++\\DCPlusPlus.exe"=
"E:\\programy\\Last.fm\\LastFM.exe"=
"E:\\programy\\Azureus\\Azureus.exe"=
"E:\\gry\\crysis\\Bin32\\Crysis.exe"=
"E:\\gry\\crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\programy\\eMule\\emule.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"E:\\gry\\grid\\Grid\\GRID.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-07 15:15]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2001-10-26 19:30]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 11:03]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{811de8c2-f287-11dc-a957-806d6172696f}]
\Shell\AutoRun\command - D:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b853a722-4c13-11dd-8d38-000e506cb67d}]
\Shell\AutoRun\command - K:\AutoTransfer.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NVIDIA nTune - E:\programy\nTune\nTune\nTuneCmd.exe
HKLM-Run-WinampAgent - E:\programy\winamp\winampa.exe
HKLM-Run-f029153e - C:\WINDOWS\system32\wpgxpuuc.dll
HKLM-Run-BMf31a26a2 - C:\WINDOWS\system32\vxjusmme.dll
HKLM-Run-AMD_Display - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\tomv1\Dane aplikacji\Mozilla\Firefox\Profiles\92qtx8p3.default\
FF -: plugin - E:\programy\adobe\Reader\browser\nppdf32.dll
FF -: plugin - E:\programy\firefox\plugins\npnul32.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 14:44:45
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\cbXPiJyW.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\programy\adobe\Acrobat 8.0\Acrobat\Acrodist.exe
.
**************************************************************************
.
Completion time: 2008-08-13 14:48:21 - machine was rebooted [tomv1]
ComboFix-quarantined-files.txt 2008-08-13 12:48:03

Pre-Run: 7,268,925,440 bajtów wolnych
Post-Run: 7,272,189,952 bajtów wolnych

219


HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:29, on 2008-08-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\programy\dvd\PDVDServ.exe
E:\programy\msoffice\Office12\GrooveMonitor.exe
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wuauclt.exe
E:\programy\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\programy\DAEMON Tools Lite\daemon.exe
E:\programy\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
E:\programy\hjthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\programy\msoffice\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D554A583-D4CF-4A6F-B07A-CB25F60FA743} - C:\WINDOWS\system32\cbXPiJyW.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [RemoteControl] E:\programy\dvd\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] E:\programy\dvd\Language\Language.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\programy\msoffice\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "E:\programy\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\programy\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\programy\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Append to existing PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://E:\programy\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\programy\msoffice\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\programy\msoffice\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\programy\msoffice\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCEF2C52-C5CC-4984-A0D1-734204E61D36}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D59ACA-627A-4C09-9014-5378F2A8A927}: NameServer = 82.143.159.7,82.143.143.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\programy\msoffice\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: cbXPiJyW - C:\WINDOWS\SYSTEM32\cbXPiJyW.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9168 bytes




These are the files that my ESET NOD32 antivirus warned me about:
C:\WINDOWS\system32\cbXPiJyW.dll - Win32/Adware.Virtumonde application
C:\WINDOWS\system32\upjuifwl.exe - Win32/Adware.Virtumonde application
C:\WINDOWS\system32\yaatbhlg.exe - Win32/Adware.Virtumonde application
 

Discussion Starter #2
Sorry, but I couldn't find how to edit the previous post.

Here's the log from Kaspersky Online Scanner:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 14, 2008
Operating System: Microsoft Windows XP Professional Dodatek Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, August 14, 2008 09:13:21
Records in database: 1092570
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 101182
Threat name: 8
Infected objects: 23
Suspicious objects: 0
Duration of the scan: 02:00:59


File name / Threat name / Threats count
C:\WINDOWS\system32\cbXPiJyW.dll/C:\WINDOWS\system32\cbXPiJyW.dll Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\tomv1\Dane aplikacji\Opera\Opera\mail\store\account2\2008\03\15\2647.mbs Infected: not-a-virus:pSWTool.Win32.SnadBoy.2011 2
C:\Documents and Settings\tomv1\Dane aplikacji\Opera\Opera\mail\store\account2\2008\03\15\2648.mbs Infected: not-a-virus:pSWTool.Win32.SnadBoy.2011 2
C:\Documents and Settings\tomv1\Dane aplikacji\Opera\Opera\mail\store\account2\2008\06\07\2805.mbs Infected: Trojan-Banker.Win32.Banbra.cex 1
C:\Documents and Settings\tomv1\Pulpit\operowe\Adobe Acrobat 9.0 Professional Extended + Activation\Adobe Acrobat 9.0 Professional Extended + Activation\Acrobat Pro 9.0.exe Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\tomv1\Pulpit\operowe\Adobe Acrobat 9.0 Professional Extended + Activation\Adobe Acrobat 9.0 Professional Extended + Activation.rar Infected: Trojan.Win32.Monderc.gen 1
C:\Documents and Settings\tomv1\Pulpit\operowe\od thora\gadu+_2.8_ue_dla_konnekta.exe Infected: Trojan-Banker.Win32.Banbra.cex 1
C:\Documents and Settings\tomv1\Pulpit\operowe\od thora\gadu+_2.8_ue_dla_konnekta.rar Infected: Trojan-Banker.Win32.Banbra.cex 1
C:\QooBox\Quarantine\C\WINDOWS\system32\aoixxneq.dll.vir Infected: Trojan.Win32.Monder.eyb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\enbkcrwp.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fdnrniae.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lnlsmylc.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\owfjbsfj.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMdATki.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\urfblyls.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\urmqarih.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\vxjusmme.dll.vir Infected: Trojan.Win32.Agent.ytr 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wpgxpuuc.dll.vir Infected: Trojan.Win32.Monder.fcy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wvgfveil.dll.vir Infected: Trojan.Win32.Monder.esu 1
C:\WINDOWS\system32\cbXPiJyW.dll Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\system32\vwrocats.dll Infected: Trojan.Win32.Monder.fkm 1

The selected area was scanned.
 