I've had the virus Vondu.gen in my laptop (vista) and it has been giving me a [bleep].
I ran Combofix and thought I'd post the log in here if someone could help me analyze it to see if the virus is gone?
Very thankful for your help
/Thecharmed
ComboFix 08-07-04.6 - Eva 2008-07-06 1:08:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1053.18.282 [GMT 2:00]
Running from: C:\Users\Eva\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 23:08 --------- d-----w C:\Program Files\ESET
2008-07-05 20:42 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-05 19:18 --------- d-----w C:\ProgramData\Avira
2008-07-05 19:14 512,096 ----a-w C:\Windows\system32\drivers\amon.sys
2008-07-05 19:14 298,104 ----a-w C:\Windows\System32\imon.dll
2008-07-05 19:14 15,424 ----a-w C:\Windows\system32\drivers\nod32drv.sys
2008-07-04 22:02 --------- d-----w C:\Program Files\Sim File Maid 2
2008-07-04 20:27 --------- d-----w C:\Program Files\EA GAMES
2008-07-04 17:05 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-07-04 16:12 0 ----a-w C:\ntuser.dat
2008-07-04 07:27 --------- d-----w C:\Program Files\LEGO Software
2008-07-04 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 07:24 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-04 07:24 --------- d-----w C:\Program Files\AVS4YOU
2008-07-02 18:30 --------- d-----w C:\Program Files\A8GSdsApp
2008-06-29 09:12 --------- d-----w C:\ProgramData\AVS4YOU
2008-06-28 21:04 --------- d-----w C:\Program Files\SOFTWIN
2008-06-26 20:22 --------- d-----w C:\Program Files\Sony
2008-06-26 20:21 --------- d-----w C:\Program Files\Vstplugins
2008-06-26 17:06 --------- d-----w C:\Program Files\THQ
2008-06-26 17:05 --------- d-----w C:\Users\Eva\AppData\Roaming\InstallShield
2008-06-23 14:51 --------- d-----w C:\Program Files\Nordic Softsales
2008-06-21 09:13 --------- d-----w C:\Program Files\Betsson Poker
2008-06-15 09:19 --------- d-----w C:\Program Files\Maxis
2008-06-14 09:29 --------- d-----w C:\Program Files\SpeedFan
2008-06-05 17:22 --------- d-----w C:\Program Files\Ubi Soft
2008-05-27 17:10 --------- d-----w C:\Users\Eva\AppData\Roaming\Systenance
2008-05-27 17:05 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-05-27 16:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-23 12:42 --------- d-----w C:\Users\Eva\AppData\Roaming\Publish Providers
2008-05-23 12:38 --------- d-----w C:\Users\Eva\AppData\Roaming\Sony
2008-05-23 12:34 --------- d-----w C:\Program Files\Sony Setup
2008-05-21 15:18 --------- d-----w C:\ProgramData\phenomedia
2008-05-13 20:07 --------- d-----w C:\ProgramData\Lavasoft
2008-05-13 20:06 --------- d-----w C:\Program Files\Lavasoft
2008-05-13 20:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-10 19:54 --------- d-----w C:\Users\Eva\AppData\Roaming\mIRC
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 14:35 1196032]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 21:35 90112]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 13:53 171464]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 11:31 630784]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-23 07:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-05 21:14 949376]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-01-13 14:07:06 118784]
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a------ 2007-10-18 19:21 37232 C:\Windows\ASScrProlog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
--a------ 2007-10-18 19:21 33136 C:\Windows\ASScrPro.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 20:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 21:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-16 00:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-10-18 18:41 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AD257559-67CB-419A-988C-064E5B8A8F39}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0D0B7190-50F9-4D4B-9027-7E1346101DB5}"= Profile=Public|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E099F628-F5D9-40F9-A227-9262DC8F0252}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3F81FB4C-C4C3-470F-A15D-6972F576BB2E}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{ADABEF65-0A47-4190-8512-893FE63BE0D9}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{CACCC67C-045A-4BBC-8701-921E78274938}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{56B7A122-22B9-4562-82C3-DC22788D95FB}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{C7E6FEB9-E85C-4626-8F3E-6D3F502236A3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{81866429-B2CF-4537-90FB-41F38ED03CAE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{F2C8454E-DE71-4621-8745-CAF16A22D385}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{2E8A0363-D818-4065-91E3-7ED93206F99E}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{B645A11A-1EDE-4DAB-AE77-D3BF097A348A}C:\\users\\eva\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\eva\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{A4A12411-F3C0-4FE5-B2F4-66A4C29F6A61}C:\\users\\eva\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\eva\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 20:44]
R3 Atc002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\Windows\system32\DRIVERS\L260x86.sys [2006-12-13 20:00]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 14:41]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\Windows\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\Windows\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\Windows\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 01:12:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-06 1:13:37
ComboFix-quarantined-files.txt 2008-07-05 23:13:33
Det går inte att hitta meddelandetexten för meddelandenumret 0x2379 i meddelandefilen för Application.
Post-Run: 22,549,262,336 byte ledigt
151 --- E O F --- 2007-11-19 14:42:08
Attached Files
-
ComboFix.txt 11.24KB
89 downloads
Edited by Thecharmed, 05 July 2008 - 05:29 PM.
Sign In
Create Account
