Results 1 to 9 of 9

Thread:

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    ------------ insfcb's Avatar
    Join Date: May:2007
    Location: Bulgaria
    Posts: 40

    Question

    :
    , . ( screenshot - skype, ) . screen AVG free . fix-, - skype-
    , , , http://forums.spywareinfo.com/index....owtopic=110722

    ?

    hijackthis .
    Logfile of HijackThis v1.99.1
    Scan saved at 17:53:40, on 25.1.2008 .
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\tsnp325.exe
    C:\WINDOWS\vsnp325.exe
    C:\Program Files\FlashGet\FlashGet.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\Googl eToolbarNotifier.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\AdVantage\AdVantage.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatN T.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Grisoft\AVG7\avgwb.dat
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\User\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abv.bg/
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d ll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.3 01.7164\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.d ll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
    O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
    O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\Googl eToolbarNotifier.exe
    O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
    O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
    O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: FlexWord 2K.lnk = C:\WINDOWS\Datecs\FlexWord2K\FlexWord2K. exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Documents and Settings\User\Desktop\My Music\Noble Poker\casino.exe (file missing)
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Documents and Settings\User\Desktop\My Music\Noble Poker\casino.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\svch4r.dll
    O20 - Winlogon Notify: arm32reg - C:\Documents and Settings\All Users\Documents\Settings\arm32.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rm t.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rm td.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatN T.exe

  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    SDFix - , , C:\SDFix, Safe Mode, c:\SDFix\RunThis.cmd, , c:\SDFix\report.txt HiJackThis, , , .

  3. #3
    ------------ insfcb's Avatar
    Join Date: May:2007
    Location: Bulgaria
    Posts: 40
    Ok, .

  4. #4
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , 2 . .

  5. #5
    ------------ insfcb's Avatar
    Join Date: May:2007
    Location: Bulgaria
    Posts: 40
    ,
    SDFix: Version 1.131

    Run by User on 25.01.2008 . at 21:25

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix\SDFix

    Safe Mode:
    Checking Services:

    Name:
    Driver
    runtime
    smtpdrv

    Path:
    \??\C:\WINDOWS\system32\nso12k.sys
    \??\C:\WINDOWS\System32\drivers\runtime. sys
    System32\DRIVERS\smtpdrv.sys

    Driver - Deleted
    runtime - Deleted
    smtpdrv - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service
    Restoring Missing SharedAccess Service

    Rebooting...

    Service runtime2 - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\3_exception.nls - Deleted
    C:\WINDOWS\Temp\startdrv.exe - Deleted
    C:\WINDOWS\system32\drivers\runtime2.sys - Deleted



    Folder C:\Documents and Settings\All Users\Documents\Settings - Removed


    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\explorer.exe
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-25 21:29:03
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrol set\services\sharedaccess\parameters\fir ewallpolicy\standardprofile\authorizedap plications\list]
    "%windir%\\system32\\sessmgr.exe"="%wind ir%\\system32\\sessmgr.exe:*:enabled:@xp sp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrol set\services\sharedaccess\parameters\fir ewallpolicy\domainprofile\authorizedappl ications\list]
    "%windir%\\system32\\sessmgr.exe"="%wind ir%\\system32\\sessmgr.exe:*:enabled:@xp sp2res.dll,-22019"

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Mon 24 Apr 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

    Finished!








    HijackThis


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:34:13, on 25.1.2008 .
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\ClamWin\bin\ClamTray.exe
    C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\fc8gv\Desktop\HiJackThis(2).exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
    O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Software Director Scheduler.lnk = C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Betfair enable instant betting - file://C:\Betfair Scripts\InstantBetting.htm
    O8 - Extra context menu item: Betfair enable instant betting (set odds) - file://C:\Betfair Scripts\InstantBettingWithOdds.htm
    O8 - Extra context menu item: Betfair lay field - file://C:\Betfair Scripts\LayField.htm
    O8 - Extra context menu item: Betfair Old Interface - file://C:\Betfair Scripts\Old_Interface.htm
    O8 - Extra context menu item: Betfair Refresh - file://C:\Betfair Scripts\BetfairRefresh.htm
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.D LL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 5956 bytes

  6. #6
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167

  7. #7
    ------------ insfcb's Avatar
    Join Date: May:2007
    Location: Bulgaria
    Posts: 40
    Kaspersky.

    System Restore ?

    , !

  8. #8
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote Originally Posted by ilko View Post
    1. System Restore- Control Panel->System->System Restore->Turn off System Restore on all drives
    ................
    6. System Restore Restore Point - start->all programs->accessories->system tools->system restore
    .

  9. #9
    ------------ insfcb's Avatar
    Join Date: May:2007
    Location: Bulgaria
    Posts: 40
    , .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Copyright © 1999-2011 . .
iskamPC.com | mobility.BG | Bloody's Techblog | | 3D Vision Blog |