  1. #1
    Registered User
    Join Date: Nov:2007
    Location:
    Posts: 11

    . , . , , - .
    viruses, spyware, adware .
    : ATF Cleaner, System Restore, safe mode SuperAntiSpyware Free SpyBot- Search&Destroy. , . . safe mode DrWeb CureIt, . Panda ActiveScan, , . . , , . System Restore. , 2 , Avira. 15-16 :

    http://i.data.bg/08/11/24/1261166.jpg

    ?

    , , . .


    Logfile of HijackThis v1.99.1
    Scan saved at 13:07:29, on 24.11.2008 .
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Styler\Styler.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\flextype\Flex2K.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Downloads\HiJackThis\myscan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
    O4 - HKLM\..\Run: [Blaero Start Orb] "C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe"
    O4 - HKLM\..\Run: [Styler] "C:\Program Files\Styler\Styler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\flextype\Flex2K.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item: FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://85.217.220.111/activex/AMC.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.120.43.77/activex/AMC.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D88C8FA3-8A2D-4021-B260-F89BBB772A8E}: NameServer = 85.217.192.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
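
    A triage script for the log format posted above, added here as an example and not part of the thread: it parses HijackThis entry lines, flags the kinds of entries a helper checks first (dangling entries, O16 DPF controls served from a bare IP address or as a direct .exe, an O17 NameServer override) and diffs two logs to show which entries a cleanup removed. The two embedded logs are constructed excerpts modelled on this thread's before and after logs; the flag names are review hints, not verdicts.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed excerpts in HijackThis log format, modelled on the first and
# last logs in this thread (trimmed to the lines that matter here).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Blaero Start Orb] "C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://85.217.220.111/activex/AMC.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D88C8FA3-8A2D-4021-B260-F89BBB772A8E}: NameServer = 85.217.192.1
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://85.217.220.111/activex/AMC.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D88C8FA3-8A2D-4021-B260-F89BBB772A8E}: NameServer = 85.217.192.1
"""

# One HijackThis entry per line: a section tag (R0..R3, F, N, O1..O23), " - ", body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
URL_RE = re.compile(r"https?://\S+")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")


def parse_entries(log_text):
    """Return (section, body) pairs for each entry line, skipping the header
    and the 'Running processes' block, which are not entries."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def _is_bare_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Flag the entries a helper looks at first. Each finding is
    (section, kind, body); a kind is a reason to review, not a verdict."""
    findings = []
    for section, body in parse_entries(log_text):
        # Entries whose target no longer exists: harmless leftovers, but they
        # are cleanup candidates and only add noise to later logs.
        if "(file missing)" in body or "(no file)" in body:
            findings.append((section, "orphan", body))
        # O16 = ActiveX controls IE downloaded (DPF). Online scanners ship a
        # .cab from a vendor hostname; a control served from a bare IP, or a
        # direct .exe, deserves a closer look.
        if section == "O16":
            m = URL_RE.search(body)
            if m:
                url = urlparse(m.group(0))
                if _is_bare_ip(url.hostname or ""):
                    findings.append((section, "dpf-bare-ip", body))
                if url.path.lower().endswith(".exe"):
                    findings.append((section, "dpf-exe", body))
        # O17 = per-adapter DNS server override. It must match the ISP's or
        # the router's resolver; DNS-changing malware lives in this line.
        if section == "O17" and NAMESERVER_RE.search(body):
            findings.append((section, "dns-override", body))
    return findings


def diff_entries(before_text, after_text):
    """Entries present only before (removed by the cleanup) and only after."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    for section, kind, body in triage(BEFORE):
        print(f"{kind:13} {section}: {body[:70]}")
    removed, added = diff_entries(BEFORE, AFTER)
    print("removed:", [b for _, b in removed])
    print("added:", [b for _, b in added])
```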

  2. #2
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    .
    ComboFix, , .

  3. #3
    Registered User
    Join Date: Nov:2007
    Location:
    Posts: 11
    , . , , .

    , .

    Code:
    ComboFix 08-11-23.02 - PC-J 2008-11-24 19:55:52.4 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.46 [GMT 2:00]
    Running from: c:\downloads\ComboFix.exe
     * Created a new restore point
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\windows\IE4 Error Log.txt
    c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
    .
    
    2008-11-24 20:02 . 	30,720		c:\windows\system32\Hss.exe
    2008-11-24 12:51 . 2008-11-24 12:51	30,720	--a------	c:\windows\system32\Hss.VIR
    2008-11-23 23:29 . 2008-11-24 01:18	<DIR>	d--------	c:\program files\Panda Security
    2008-11-23 21:36 . 2008-11-23 21:36	<DIR>	d--------	c:\documents and settings\Administrator\DoctorWeb
    2008-11-23 20:25 . 2006-10-23 12:14	30,208	--a------	c:\windows\system32\drivers\usbehci.sys
    2008-11-23 20:25 . 2006-10-23 12:14	30,208	--a--c---	c:\windows\system32\dllcache\usbehci.sys
    2008-11-23 20:25 . 2004-08-04 00:56	7,168	--a------	c:\windows\system32\hccoin.dll
    2008-11-23 20:25 . 2004-08-04 00:56	7,168	--a--c---	c:\windows\system32\dllcache\hccoin.dll
    2008-11-23 00:56 . 2008-11-24 20:03	74	--a------	c:\windows\system32\i
    2008-11-16 23:29 . 2005-08-30 01:49	94,000	--a------	c:\windows\system32\drivers\ssm_mdm.sys
    2008-11-16 23:29 . 2005-08-30 01:47	58,320	--a------	c:\windows\system32\drivers\ssm_bus.sys
    2008-11-16 23:29 . 2005-08-30 01:49	8,336	--a------	c:\windows\system32\drivers\ssm_mdfl.sys
    2008-11-16 23:29 . 2005-08-30 01:49	6,176	--a------	c:\windows\system32\drivers\ssm_cmnt.sys
    2008-11-16 23:29 . 2005-08-30 01:49	6,176	--a------	c:\windows\system32\drivers\ssm_cm.sys
    2008-11-16 23:29 . 2005-08-30 01:47	5,840	--a------	c:\windows\system32\drivers\ssm_whnt.sys
    2008-11-16 23:29 . 2005-08-30 01:47	5,840	--a------	c:\windows\system32\drivers\ssm_wh.sys
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-24 17:54	---------	d-----w	c:\program files\FlashGet
    2008-11-24 17:53	---------	d-----w	c:\documents and settings\PC-J\Application Data\Skype
    2008-11-24 15:18	---------	d-----w	c:\program files\Mozilla Thunderbird
    2008-11-23 04:37	---------	d-----w	c:\program files\DC++
    2008-11-17 22:05	---------	d-----w	c:\documents and settings\PC-J\Application Data\skypePM
    2008-11-16 21:33	---------	d-----w	c:\documents and settings\PC-J\Application Data\Samsung
    2008-11-16 21:28	---------	d--h--w	c:\program files\InstallShield Installation Information
    2008-11-16 11:18	---------	d-----w	c:\program files\World of Wisdom
    2008-11-16 11:18	---------	d-----w	c:\program files\Common Files\InstallShield
    2008-09-26 21:37	---------	d-----w	c:\program files\Blaero Start Orb
    2007-11-15 16:45	32	----a-w	c:\documents and settings\All Users\Application Data\ezsid.dat
    2001-11-23 04:08	712,704	-c--a-w	c:\windows\inf\OTHER\AUDIO3D.DLL
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
    "Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    
    c:\documents and settings\PC-J\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-06-05 3450608]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-13 113664]
    FlexType 2K.lnk - c:\program files\flextype\Flex2K.exe [2007-04-09 131584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18505:TCP"= 18505:TCP:BitComet 18505 TCP
    "18505:UDP"= 18505:UDP:BitComet 18505 UDP
    
    R3 st3bus28;st3bus28;c:\windows\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-09-10 476672]
    S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys [2007-09-10 260224]
    .
    - - - - ORPHANS REMOVED - - - -
    
    HKLM-Run-Blaero Start Orb - c:\program files\Blaero Start Orb\Blaero Start Orb.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-Cmaudio - cmicnfg.cpl
    MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
    
    
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\PC-J\Application Data\Mozilla\Firefox\Profiles\8y7htz90.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    .
    
    **************************************************************************
    
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-24 20:00:22
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'winlogon.exe'(568)
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\cscui.dll
    
    - - - - - - - > 'lsass.exe'(644)
    c:\windows\system32\msprivs.dll
    c:\windows\system32\rsaenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-24 20:05:44 - machine was rebooted
    ComboFix-quarantined-files.txt  2008-11-24 18:05:39
    
    Pre-Run: 2 997 886 976 bytes free
    Post-Run: 3,001,491,456 bytes free
    
    133

  4. #4
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Notepad CFscript.txt :
    Code:
    Files::
    c:\windows\system32\Hss.VIR
    c:\windows\system32\Hss.exe
    c:\windows\system32\i
    c:\documents and settings\All Users\Application Data\ezsid.dat
    ComboFix.exe :


    , ComboFix, HiJackThis:
    http://www.trendsecure.com/portal/en...HiJackThis.exe

    windows- firewall . .

  5. #5
    Registered User
    Join Date: Nov:2007
    Location:
    Posts: 11
    , windows- firewall. .
    :

    ComboFix

    Code:
    ComboFix 08-11-23.02 - PC-J 2008-11-24 21:14:45.5 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.40 [GMT 2:00]
    Running from: c:\downloads\ComboFix.exe
    Command switches used :: c:\downloads\CFscript.txt
     * Created a new restore point
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    
    (((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
    .
    
    2008-11-24 12:51 . 2008-11-24 12:51	30,720	--a------	c:\windows\system32\Hss.VIR
    2008-11-23 23:29 . 2008-11-24 01:18	<DIR>	d--------	c:\program files\Panda Security
    2008-11-23 21:36 . 2008-11-23 21:36	<DIR>	d--------	c:\documents and settings\Administrator\DoctorWeb
    2008-11-23 20:25 . 2006-10-23 12:14	30,208	--a------	c:\windows\system32\drivers\usbehci.sys
    2008-11-23 20:25 . 2006-10-23 12:14	30,208	--a--c---	c:\windows\system32\dllcache\usbehci.sys
    2008-11-23 20:25 . 2004-08-04 00:56	7,168	--a------	c:\windows\system32\hccoin.dll
    2008-11-23 20:25 . 2004-08-04 00:56	7,168	--a--c---	c:\windows\system32\dllcache\hccoin.dll
    2008-11-23 00:56 . 2008-11-24 21:10	68	--a------	c:\windows\system32\i
    2008-11-16 23:29 . 2005-08-30 01:49	94,000	--a------	c:\windows\system32\drivers\ssm_mdm.sys
    2008-11-16 23:29 . 2005-08-30 01:47	58,320	--a------	c:\windows\system32\drivers\ssm_bus.sys
    2008-11-16 23:29 . 2005-08-30 01:49	8,336	--a------	c:\windows\system32\drivers\ssm_mdfl.sys
    2008-11-16 23:29 . 2005-08-30 01:49	6,176	--a------	c:\windows\system32\drivers\ssm_cmnt.sys
    2008-11-16 23:29 . 2005-08-30 01:49	6,176	--a------	c:\windows\system32\drivers\ssm_cm.sys
    2008-11-16 23:29 . 2005-08-30 01:47	5,840	--a------	c:\windows\system32\drivers\ssm_whnt.sys
    2008-11-16 23:29 . 2005-08-30 01:47	5,840	--a------	c:\windows\system32\drivers\ssm_wh.sys
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-24 17:54	---------	d-----w	c:\program files\FlashGet
    2008-11-24 17:53	---------	d-----w	c:\documents and settings\PC-J\Application Data\Skype
    2008-11-24 15:18	---------	d-----w	c:\program files\Mozilla Thunderbird
    2008-11-23 04:37	---------	d-----w	c:\program files\DC++
    2008-11-17 22:05	---------	d-----w	c:\documents and settings\PC-J\Application Data\skypePM
    2008-11-16 21:33	---------	d-----w	c:\documents and settings\PC-J\Application Data\Samsung
    2008-11-16 21:28	---------	d--h--w	c:\program files\InstallShield Installation Information
    2008-11-16 11:18	---------	d-----w	c:\program files\World of Wisdom
    2008-11-16 11:18	---------	d-----w	c:\program files\Common Files\InstallShield
    2008-09-26 21:37	---------	d-----w	c:\program files\Blaero Start Orb
    2007-11-15 16:45	32	----a-w	c:\documents and settings\All Users\Application Data\ezsid.dat
    2001-11-23 04:08	712,704	-c--a-w	c:\windows\inf\OTHER\AUDIO3D.DLL
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
    "Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    
    c:\documents and settings\PC-J\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-06-05 3450608]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-13 113664]
    FlexType 2K.lnk - c:\program files\flextype\Flex2K.exe [2007-04-09 131584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18505:TCP"= 18505:TCP:BitComet 18505 TCP
    "18505:UDP"= 18505:UDP:BitComet 18505 UDP
    
    R3 st3bus28;st3bus28;c:\windows\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-09-10 476672]
    S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys [2007-09-10 260224]
    .
    
    **************************************************************************
    
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-24 21:19:15
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\cscui.dll
    
    - - - - - - - > 'lsass.exe'(620)
    c:\windows\system32\msprivs.dll
    c:\windows\system32\rsaenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-24 21:23:50 - machine was rebooted
    ComboFix-quarantined-files.txt  2008-11-24 19:23:45
    ComboFix2.txt  2008-11-24 18:05:45
    
    Pre-Run: 2 979 815 424 bytes free
    Post-Run: 2,979,700,736 bytes free
    
    117
    HiJackThis

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:26:50, on 24.11.2008 .
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\LClock\LClock.exe
    C:\Program Files\Styler\Styler.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\flextype\Flex2K.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Downloads\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe"
    O4 - HKLM\..\Run: [Styler] "C:\Program Files\Styler\Styler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\flextype\Flex2K.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item:     FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
    O8 - Extra context menu item:   FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button:  - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://85.217.220.111/activex/AMC.cab
    O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.120.43.77/activex/AMC.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D88C8FA3-8A2D-4021-B260-F89BBB772A8E}: NameServer = 85.217.192.1
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    
    --
    End of file - 6902 bytes

  6. #6
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , CFscript.txt

    Code:
    File::
    c:\windows\system32\Hss.VIR
    c:\windows\system32\Hss.exe
    c:\windows\system32\i
    c:\documents and settings\All Users\Application Data\ezsid.dat
    Files File, . ComboFix . Avira hss.exe, - , , :

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
    http://download.ewido.net/ewido_micro.exe
    http://www.download.com/Malwarebytes...=dl&tag=button

  7. #7
    Registered User
    Join Date: Nov:2007
    Location:
    Posts: 11
    , , .
    :

    Code:
    ComboFix 08-11-23.02 - PC-J 2008-11-24 21:58:31.6 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.2.1251.1.1033.18.45 [GMT 2:00]
    Running from: c:\downloads\ComboFix.exe
    Command switches used :: c:\downloads\CFscript.txt
     * Created a new restore point
    
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    
    FILE ::
    c:\documents and settings\All Users\Application Data\ezsid.dat
    c:\windows\system32\Hss.exe
    c:\windows\system32\Hss.VIR
    c:\windows\system32\i
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\documents and settings\All Users\Application Data\ezsid.dat
    c:\windows\system32\Hss.VIR
    c:\windows\system32\i
    c:\windows\system32\quicktime.exe
    
    .
    (((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
    .
    
    2008-11-23 23:29 . 2008-11-24 01:18	<DIR>	d--------	c:\program files\Panda Security
    2008-11-23 21:36 . 2008-11-23 21:36	<DIR>	d--------	c:\documents and settings\Administrator\DoctorWeb
    2008-11-23 20:25 . 2006-10-23 12:14	30,208	--a------	c:\windows\system32\drivers\usbehci.sys
    2008-11-23 20:25 . 2006-10-23 12:14	30,208	--a--c---	c:\windows\system32\dllcache\usbehci.sys
    2008-11-23 20:25 . 2004-08-04 00:56	7,168	--a------	c:\windows\system32\hccoin.dll
    2008-11-23 20:25 . 2004-08-04 00:56	7,168	--a--c---	c:\windows\system32\dllcache\hccoin.dll
    2008-11-16 23:29 . 2005-08-30 01:49	94,000	--a------	c:\windows\system32\drivers\ssm_mdm.sys
    2008-11-16 23:29 . 2005-08-30 01:47	58,320	--a------	c:\windows\system32\drivers\ssm_bus.sys
    2008-11-16 23:29 . 2005-08-30 01:49	8,336	--a------	c:\windows\system32\drivers\ssm_mdfl.sys
    2008-11-16 23:29 . 2005-08-30 01:49	6,176	--a------	c:\windows\system32\drivers\ssm_cmnt.sys
    2008-11-16 23:29 . 2005-08-30 01:49	6,176	--a------	c:\windows\system32\drivers\ssm_cm.sys
    2008-11-16 23:29 . 2005-08-30 01:47	5,840	--a------	c:\windows\system32\drivers\ssm_whnt.sys
    2008-11-16 23:29 . 2005-08-30 01:47	5,840	--a------	c:\windows\system32\drivers\ssm_wh.sys
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-24 19:40	---------	d-----w	c:\program files\Mozilla Thunderbird
    2008-11-24 17:54	---------	d-----w	c:\program files\FlashGet
    2008-11-24 17:53	---------	d-----w	c:\documents and settings\PC-J\Application Data\Skype
    2008-11-23 04:37	---------	d-----w	c:\program files\DC++
    2008-11-17 22:05	---------	d-----w	c:\documents and settings\PC-J\Application Data\skypePM
    2008-11-16 21:33	---------	d-----w	c:\documents and settings\PC-J\Application Data\Samsung
    2008-11-16 21:28	---------	d--h--w	c:\program files\InstallShield Installation Information
    2008-11-16 11:18	---------	d-----w	c:\program files\World of Wisdom
    2008-11-16 11:18	---------	d-----w	c:\program files\Common Files\InstallShield
    2008-09-26 21:37	---------	d-----w	c:\program files\Blaero Start Orb
    2001-11-23 04:08	712,704	-c--a-w	c:\windows\inf\OTHER\AUDIO3D.DLL
    .
    
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "SiS Tray"="c:\windows\system32\sistray.EXE" [2003-10-30 667648]
    "SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2003-10-30 249856]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]
    "Styler"="c:\program files\Styler\Styler.exe" [2006-05-03 307200]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    
    c:\documents and settings\PC-J\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-06-05 3450608]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-13 113664]
    FlexType 2K.lnk - c:\program files\flextype\Flex2K.exe [2007-04-09 131584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-05-30 14:54 21718312 c:\program files\Skype\Phone\Skype.exe
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ICQ6\\ICQ.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18505:TCP"= 18505:TCP:BitComet 18505 TCP
    "18505:UDP"= 18505:UDP:BitComet 18505 UDP
    
    R3 st3bus28;st3bus28;c:\windows\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]
    R3 st3mp28;st3mp28;c:\windows\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]
    S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-09-10 476672]
    S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\Drivers\usbvm323.sys [2007-09-10 260224]
    .
    
    **************************************************************************
    
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-24 22:02:40
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ... 
    
    scanning hidden autostart entries ...
    
    scanning hidden files ... 
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\rsaenh.dll
    c:\windows\system32\cscui.dll
    
    - - - - - - - > 'lsass.exe'(620)
    c:\windows\system32\msprivs.dll
    c:\windows\system32\rsaenh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-24 22:07:11 - machine was rebooted
    ComboFix-quarantined-files.txt  2008-11-24 20:07:06
    ComboFix2.txt  2008-11-24 19:23:52
    ComboFix3.txt  2008-11-24 18:05:45
    
    Pre-Run: 2 959 364 096 bytes free
    Post-Run: 2,961,272,832 bytes free
    
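A check worth running on the two posts above before calling the machine clean: post #6 hands ComboFix a CFscript.txt with a File:: list, and the log in post #7 echoes that list under "FILE ::" and then records what was actually removed under "Other Deletions". The two lists do not match: c:\windows\system32\Hss.exe was requested but is not among the deletions, and c:\windows\system32\quicktime.exe was deleted without being requested. The script below is an added example, not code from this thread, from ComboFix or from its author; the log excerpt inside it is a constructed copy of the run posted above (paths as posted), and the function names are this example's own.

```python
"""Cross-check a ComboFix log against the CFscript.txt File:: list it was run with.

Added example for this thread; not code from the forum or from ComboFix.
The log text below is a constructed excerpt of the run posted above, so
the paths are the thread's own; the function names are this example's.
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the ComboFix output posted in #7 (raw string so the
# Windows backslashes survive exactly as they appear in the log).
COMBOFIX_LOG = r"""
ComboFix 08-11-23.02 - PC-J 2008-11-24 21:58:31.6 - NTFSx86
Command switches used :: c:\downloads\CFscript.txt

FILE ::
c:\documents and settings\All Users\Application Data\ezsid.dat
c:\windows\system32\Hss.exe
c:\windows\system32\Hss.VIR
c:\windows\system32\i
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ezsid.dat
c:\windows\system32\Hss.VIR
c:\windows\system32\i
c:\windows\system32\quicktime.exe

.
(((((((((((((((((((((((((   Files Created from 2008-10-24 to 2008-11-24  )))))))))))))))))))))))))))))))
.
2008-11-23 23:29 . 2008-11-24 01:18  <DIR>  d--------  c:\program files\Panda Security
"""

# ComboFix section banners look like "((((((   Title   ))))))".
HEADER_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
# The echo of the CFscript File:: directive ("FILE ::" in the log, "File::" in the script).
FILE_RE = re.compile(r"^FILE\s*::", re.IGNORECASE)
# Anything starting with a drive letter is treated as a path entry.
PATH_RE = re.compile(r"^[a-zA-Z]:\\")


def _norm(path: str) -> str:
    # NTFS paths are case-insensitive; compare them in one case.
    return path.strip().lower()


def parse_combofix(log: str) -> Tuple[List[str], List[str]]:
    """Return (requested, deleted): paths echoed under FILE :: and paths
    listed under the 'Other Deletions' banner."""
    requested: List[str] = []
    deleted: List[str] = []
    section = None  # None | "requested" | "deleted"
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = "deleted" if header.group(1).lower() == "other deletions" else None
            continue
        if FILE_RE.match(line):
            section = "requested"
            continue
        if section == "requested" and not PATH_RE.match(line):
            section = None  # "." or a blank line ends the FILE :: echo
            continue
        if section and PATH_RE.match(line):
            (requested if section == "requested" else deleted).append(_norm(line))
    return requested, deleted


def verify_cleanup(log: str) -> Dict[str, List[str]]:
    """Split the run into: requested and removed, requested but not removed
    (re-check by hand), and removed without being requested (ComboFix's own
    detections, which deserve a look as well)."""
    requested, deleted = parse_combofix(log)
    req, dele = set(requested), set(deleted)
    return {
        "removed": sorted(req & dele),
        "not_removed": sorted(req - dele),
        "extra": sorted(dele - req),
    }


if __name__ == "__main__":
    for label, paths in verify_cleanup(COMBOFIX_LOG).items():
        print(f"{label}:")
        for path in paths:
            print("   ", path)
```

Run against the posted log this reports Hss.exe under not_removed and quicktime.exe under extra. The log alone does not say whether Hss.exe was already gone before the run (for example quarantined by the antivirus) or is still on disk, so it has to be confirmed directly rather than assumed cleaned.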

  8. #8
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167




Copyright © 1999-2011