
Thread: ?

  1. #1
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10

    ?

    , Trojan-Downloader.Win32.Agent.akwa Heur.Trojan.Generic . , http://www.kaspersky.com/, http://windowsupdate.microsoft.com/ .. IE, Opera, Mozilla Firefox.
    Ping 127.0.0.1 localhost. C:\WINDOWS\system32\drivers\etc hosts e, ( HostsFileReader, ), !

    Spybot - Search & Destroy ( , ).

    HijackThis, :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:40:14, on 04.12.2008 .
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\sms\sms.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper Shim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1218891957546
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 7431 bytes


    (google.com )
    ( save),
    ,
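
A log like the one above is read section by section, and the first pass is mechanical enough to script. The following is an added example, not code from this thread, from HijackThis or from Trend Micro: it parses a HijackThis 2.x log, pulls the first Windows path off each entry and flags what a responder reads first. O10 (Winsock LSP) and O20 (AppInit_DLLs) entries are flagged regardless of path, because they hook the network stack or every process; in the posted log both turned out to be legitimate (the NetWare provider and Kaspersky's virtual-keyboard DLL), so a flag means "verify", not "delete". O4 autoruns pointing outside Windows and Program Files, R0/R1 start or search pages on a non-Microsoft host, and registered objects whose file is missing are also flagged. The sample log reuses lines from the post plus two constructed entries (a redirected search page and an autorun under Application Data), marked in the comments.

```python
"""Triage a HijackThis 2.x log section by section.

Added example, not code from the thread, from HijackThis or from Trend Micro.
It extracts every R/F/O entry, pulls the first Windows path off the line and
flags the entries a responder reads first. Flagged means "verify", not
"delete": both the O10 and O20 entries in the posted log are legitimate.
"""
import re
import sys
from typing import List, Tuple
from urllib.parse import urlparse

# 'O4 - HKLM\..\Run: [AVP] "C:\...\avp.exe"'  ->  ("O4", 'HKLM\..\Run: [AVP] "C:\...\avp.exe"')
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d{1,2})\s+-\s+(.*)$")
# First drive-letter path ending in an executable/script extension.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|cpl|ocx|scr|com|htm|vbs|bat))\b',
    re.IGNORECASE,
)

# Autoruns under these roots are the normal case; anything else gets reviewed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Sections that hook every process or the network stack: review regardless of path.
ALWAYS_REVIEW = {
    "O10": "Winsock LSP (network stack hook)",
    "O20": "AppInit_DLLs / Winlogon Notify (loaded into every process)",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}

# Sample log: lines from the posted HijackThis log plus two constructed
# entries (the search.example.net search page and the updater.exe autorun).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\updater.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"""


def parse_entries(log_text: str) -> List[Tuple[str, str]]:
    """Return (section, rest) for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_path(rest: str) -> str:
    """Lower-cased first Windows path on the line, or '' if there is none."""
    m = PATH_RE.search(rest)
    return m.group(1).lower() if m else ""


def is_microsoft_host(url: str) -> bool:
    """True only if the URL's hostname is microsoft.com or a subdomain of it.
    Parsing the hostname (instead of substring-matching 'microsoft.com')
    keeps a host like microsoft.com.example.net from passing."""
    host = (urlparse(url).hostname or "").lower()
    return host == "microsoft.com" or host.endswith(".microsoft.com")


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, entry_text) for each flagged entry, in log order."""
    findings = []
    for section, rest in parse_entries(log_text):
        path = first_path(rest)
        if section in ALWAYS_REVIEW:
            findings.append((section, ALWAYS_REVIEW[section], rest))
        elif section in ("R0", "R1"):
            url = rest.split("=", 1)[1].strip() if "=" in rest else ""
            if url.lower().startswith("http") and not is_microsoft_host(url):
                findings.append((section, "IE start/search page on a non-Microsoft host", rest))
        elif section == "O4" and path and not path.startswith(TRUSTED_ROOTS):
            findings.append((section, "autorun outside Windows/Program Files", rest))
        elif section in ("O2", "O3", "O9") and "(no file)" in rest:
            findings.append((section, "registered object whose file is missing", rest))
    return findings


if __name__ == "__main__":
    # Usage: python hjt_triage.py hijackthis.log   (falls back to the sample)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for section, reason, entry in triage(text):
        print(f"{section}: {reason}\n    {entry}")
```

Run against the sample, the script flags four entries: the constructed search page, the constructed Application Data autorun, the O10 LSP and the O20 AppInit_DLLs line; the AVP autorun and the Java BHO pass because they live under Program Files. Entries without a drive-letter path (rundll32 with a bare .cpl name, Global Startup shortcuts) are not judged at all, which is a deliberate gap: those need a look by hand.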

  2. #2
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    ComboFix

  3. #3
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10
    !

  4. #4
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296

  5. #5
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10

  6. #6
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    Quote Originally Posted by vankokn View Post
    C:\ComboFix.txt

  7. #7
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    Device Manager, View / Show Hidden Devices, Non-Plug and Play Drivers. .

  8. #8
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10

  9. #9
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    ilko , , disable TDSSServ

  10. #10
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10
    txt , C:\ComboFix.

  11. #11
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10
    "disable TDSSServ" !

  12. #12
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    , Device Manager disabled; ComboFix .

  13. #13
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , :
    http://www.silentrunners.org/Silent%20Runners.vbs

    , 2-3 , , .
    - Silent Runners.vbs Startup Programs...

  14. #14
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10
    ( 4 )!
    "disable TDSSServ" ComboFix. ( ) :
    ComboFix 08-12-03.04 - Vanko 2008-12-04 20:52:33.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1582 [GMT 2:00]
    Running from: C:\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    /wow section - STAGE 1
    'PV' is not recognized as an internal or external command


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
    c:\documents and settings\Vanko\Application Data\gadcom
    c:\documents and settings\Vanko\Application Data\gadcom\gadcom.exe
    c:\documents and settings\Vanko\Local Settings\Temporary Internet Files\fbk.sts
    c:\windows\system32\Drivers\TDSSpaxt.sys
    c:\windows\system32\msupdte.exe
    c:\windows\system32\TDSScfum.dll
    c:\windows\system32\TDSSosvd.dat
    c:\windows\system32\TDSStkdv.log
    c:\windows\update.exe
    E:\install.exe

    ----- BITS: Possible infected sites -----

    hxxp://rapidshare.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV.SYS
    -------\Service_TDSSserv.sys


    ((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
    .

    2008-12-04 20:40 . 2008-12-04 21:02 1,261,600 --ahs---- c:\windows\system32\drivers\fidbox.dat
    2008-12-04 20:40 . 2008-12-04 21:02 180,256 --ahs---- c:\windows\system32\drivers\fidbox2.dat
    2008-12-04 20:40 . 2008-12-04 21:02 13,032 --ahs---- c:\windows\system32\drivers\fidbox.idx
    2008-12-04 20:40 . 2008-12-04 21:02 1,696 --ahs---- c:\windows\system32\drivers\fidbox2.idx
    2008-12-04 20:34 . 2008-12-04 20:44 3,057,531 -ra------ C:\ComboFix.exe
    2008-12-04 19:07 . 2008-12-04 19:07 <DIR> d-------- c:\program files\FRISK Software
    2008-12-04 19:07 . 2008-12-04 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\FRISK Software
    2008-12-04 19:07 . 2007-10-22 09:48 579,808 --a------ c:\windows\system32\drivers\FStopW.sys
    2008-12-03 19:23 . 2008-12-03 19:23 <DIR> d-------- c:\program files\HostsMan
    2008-12-03 19:23 . 2008-12-03 22:58 <DIR> d-------- c:\documents and settings\Vanko\Application Data\abelhadigital.com
    2008-12-03 19:23 . 2008-12-03 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\abelhadigital.com
    2008-12-03 19:12 . 2008-12-03 19:12 <DIR> d-------- c:\program files\BillP Studios
    2008-12-03 19:12 . 2008-12-03 19:12 <DIR> d-------- c:\documents and settings\Vanko\Application Data\WinPatrol
    2008-12-03 17:58 . 2008-08-16 14:48 2,577 --a------ c:\windows\system32\config.bak
    2008-12-03 17:58 . 2008-08-16 14:48 2,577 --a------ c:\windows\config.nt
    2008-12-03 17:58 . 2002-08-29 14:00 1,688 --a------ c:\windows\system32\autoexec.bak
    2008-12-03 17:58 . 2002-08-29 14:00 1,688 --a------ c:\windows\autoexec.nt
    2008-12-03 15:34 . 2008-12-03 15:34 <DIR> d-------- c:\program files\Safer Networking
    2008-12-02 18:04 . 2008-12-02 18:04 <DIR> d-------- c:\documents and settings\proben\Application Data\uTorrent
    2008-12-02 18:03 . 2008-12-02 18:03 20,480 --ah----- c:\documents and settings\proben\run3.exe
    2008-12-02 18:03 . 2008-12-02 18:03 2,786 --ah----- c:\documents and settings\proben\run1.exe
    2008-12-02 18:02 . 2008-12-02 18:02 <DIR> d-------- c:\documents and settings\proben\Bluetooth Software
    2008-12-02 18:02 . 2008-12-02 18:03 <DIR> d-------- c:\documents and settings\proben
    2008-12-02 18:02 . 2008-04-14 02:12 221,184 --a------ c:\windows\system32\wmpns.dll
    2008-12-02 14:43 . 2008-12-02 17:55 14,336 --ah----- c:\documents and settings\Vanko\run2.exe
    2008-12-01 23:56 . 2008-12-01 23:56 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-01 23:15 . 2008-12-01 23:15 <DIR> d-------- c:\program files\Trend Micro
    2008-12-01 19:44 . 2008-12-02 00:04 2,785 --ah----- c:\documents and settings\Vanko\run1.exe
    2008-12-01 17:35 . 2008-12-01 17:35 <DIR> d-------- c:\program files\Kaspersky Lab
    2008-12-01 17:35 . 2008-12-04 21:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2008-12-01 17:35 . 2008-12-01 17:35 96,976 --a------ c:\windows\system32\drivers\klin.dat
    2008-12-01 17:35 . 2008-12-01 17:35 87,855 --a------ c:\windows\system32\drivers\klick.dat
    2008-12-01 17:31 . 2008-12-01 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-12-01 11:57 . 2008-12-04 20:23 2,268 --a------ c:\windows\system32\TDSSlxwp.dll
    2008-11-27 21:38 . 2008-11-27 21:38 97 --a------ c:\windows\wininit.ini
    2008-11-26 21:55 . 2008-04-13 21:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
    2008-11-26 21:55 . 2008-04-13 21:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
    2008-11-24 11:52 . 2008-11-24 11:52 <DIR> d-------- c:\windows\Hidden Secrets - The Nightmare
    2008-11-24 11:52 . 2008-12-01 20:58 <DIR> d-------- c:\program files\Hidden Secrets - The Nightmare
    2008-11-24 11:52 . 2008-11-24 11:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare
    2008-11-23 22:58 . 2008-12-02 00:04 20,480 --ah----- c:\documents and settings\Vanko\run3.exe
    2008-11-22 13:26 . 2008-11-22 13:26 <DIR> d-------- c:\documents and settings\Vanko\Application Data\Dragon Altar Games
    2008-11-21 19:29 . 2008-11-21 19:29 <DIR> d-------- c:\program files\Patriot Games
    2008-11-21 19:29 . 2008-11-21 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
    2008-11-20 19:37 . 2008-11-20 19:38 <DIR> d-------- c:\documents and settings\Vanko\Application Data\SecretIslandEng
    2008-11-17 19:15 . 2008-11-17 19:15 <DIR> d-------- c:\documents and settings\Vanko\Application Data\Artogon
    2008-11-14 18:20 . 2008-11-17 19:13 <DIR> d-------- c:\program files\Games
    2008-11-12 19:29 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 19:29 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-11 20:00 . 2008-11-11 20:00 218,376 --a------ c:\windows\system32\klogon.dll
    2008-11-11 19:58 . 2008-11-11 19:58 25,601 --a------ c:\windows\system32\drivers\klopp.dat
    2008-11-11 17:38 . 2008-11-11 17:38 <DIR> d-------- c:\program files\Seagate
    2008-11-11 17:37 . 2008-11-11 17:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
    2008-11-09 23:18 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
    2008-11-09 23:18 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
    2008-11-09 23:17 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
    2008-11-09 23:17 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
    2008-11-09 23:17 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
    2008-11-09 23:17 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-04 18:21 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-12-04 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-04 17:27 --------- d-----w c:\program files\Common Files\Look312P
    2008-12-04 17:07 --------- d-----w c:\documents and settings\Vanko\Application Data\Skype
    2008-12-04 16:51 --------- d-----w c:\documents and settings\Vanko\Application Data\skypePM
    2008-12-04 15:06 --------- d-----w c:\program files\DC++
    2008-12-02 23:04 --------- d-----w c:\documents and settings\Vanko\Application Data\uTorrent
    2008-12-02 16:32 --------- d-----w c:\program files\Nokia
    2008-12-02 12:53 --------- d-----w c:\documents and settings\Vanko\Application Data\ReGet Software
    2008-11-21 23:38 --------- d-----w c:\program files\Duplicate File Finder
    2008-11-18 18:51 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-13 08:56 --------- d-----w c:\program files\Google
    2008-11-09 21:18 --------- d-----w c:\program files\Common Files\PCSuite
    2008-11-09 21:18 --------- d-----w c:\program files\Common Files\Nokia
    2008-11-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
    2008-11-03 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\PassMark
    2008-11-01 00:08 --------- d-----w c:\program files\Opera
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 21:21 --------- d-----w c:\program files\Recuva
    2008-10-17 21:02 --------- d-----w c:\program files\ASDFVisuals
    2008-10-15 09:48 --------- d-----w c:\program files\BFG
    2008-10-15 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2008-10-15 09:44 --------- d-----w c:\program files\PopCap Games
    2008-10-13 11:36 --------- d-----w c:\program files\Tropix 2 - The Quest For the Golden Banana
    2008-10-10 16:28 --------- d-----w c:\documents and settings\Vanko\Application Data\dvdcss
    2008-10-06 16:32 --------- d-----w c:\program files\FileRecovery for MultiMediaCard
    2008-10-06 11:33 --------- d-----w c:\program files\F-Recovery for SD
    2008-10-04 09:12 --------- d-----w c:\program files\WMR11
    2008-09-30 15:28 286,720 ----a-w c:\windows\iun506.exe
    2008-09-28 09:43 737,280 ----a-w c:\windows\iun6002.exe
    2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
    "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-13 8466432]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "WinampAgent"="c:\program files\Winamp\winampa.exe"
    "NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\ReGet Software\\ReGet Deluxe\\ReGetDx.exe"=
    "e:\\Spark Unlimited\\Legendary\\Binaries\\Legendary.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FStopW.sys [2008-12-04 579808]
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
    R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService [2008-08-16 1386008]
    R2 FPAVServer;F-PROT Antivirus for Windows system;"c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe" [2007-10-24 18016]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys []
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-08-19 138112]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-08-19 8320]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Do&wnload by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_Link.htm
    IE: Download A&ll by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_All.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
    hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    c:\windows\Downloaded Program Files\SysReqLab3.osd
    FireFox -: Profile - c:\documents and settings\Vanko\Application Data\Mozilla\Firefox\Profiles\36rah3qv.default\
    FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
    FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
    FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
    "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    .
    Completion time: 2008-12-04 21:03:35 - machine was rebooted [Vanko]
    ComboFix-quarantined-files.txt 2008-12-04 19:03:34

    Pre-Run: 18,745,319,424 bytes free
    Post-Run: 21,280,362,496 bytes free

    218 --- E O F --- 2008-11-12 17:31:51

    , ?


  15. #15
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    , ?? ilko . - , . - "rootkit".

    P.S. \Windows\System32 "TDSS". .
    Last edited by vbdasc; 4th December 2008 at 21:32.
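
Posts #14 and #15 together make the point: the ComboFix log shows which TDSS components were deleted (TDSSpaxt.sys, TDSScfum.dll, the TDSSserv.sys service), and the follow-up advice is to look in \Windows\System32 for anything else named "TDSS*". As an added example, not ComboFix's own code and not posted in the thread, the Python script below does that triage over a saved ComboFix log. It parses the Files Created entries (created and modified timestamps, size, attribute flags, path) and flags hidden executables in a user profile (the run1/run2/run3.exe entries under Documents and Settings), TDSS-prefixed files anywhere under System32 (TDSSlxwp.dll appears under Files Created but not under Other Deletions), Security Center *Override values set to 1 (the log shows AntiVirusOverride), and ports opened in the firewall's GloballyOpenPorts list (3389/TCP, Remote Desktop). The sample input reuses lines from the posted log; the --ahs---- fidbox.dat entries under drivers are not flagged because the hidden-file rule is scoped to executables in user profiles, and those are Kaspersky's own (iSwift) cache files.

```python
"""Triage a ComboFix log for the items discussed in this thread.

Added example, not ComboFix's own code and not posted in the thread. It walks
the log text line by line and flags:
  - hidden executables in a user profile (Files Created entries whose
    attribute flags contain 'h' under Documents and Settings),
  - TDSS-prefixed files under System32 (the naming pattern of the rootkit
    components ComboFix removed in the posted log),
  - Security Center *Override values set to 1,
  - firewall ports listed under GloballyOpenPorts.
"""
import re
import sys
from typing import List, Tuple

# Files Created entry, e.g.
# 2008-12-01 11:57 . 2008-12-04 20:23 2,268 --a------ c:\windows\system32\TDSSlxwp.dll
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(<DIR>|[\d,]+)\s+([-a-z]+)\s+(.+)$"
)
# REGEDIT4 value line inside the Reg Loading Points section:  "Name"=value
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# GloballyOpenPorts entry:  "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl")
PROFILE_ROOT = "c:\\documents and settings\\"
SYSTEM32 = "c:\\windows\\system32\\"
SUSPECT_PREFIXES = ("tdss",)  # the family seen in this log; extend as needed

# Sample input: lines taken from the posted ComboFix log (Files Created and
# Reg Loading Points sections), nothing constructed.
SAMPLE_LOG = r"""
2008-12-04 20:40 . 2008-12-04 21:02 1,261,600 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-02 18:03 . 2008-12-02 18:03 20,480 --ah----- c:\documents and settings\proben\run3.exe
2008-12-01 11:57 . 2008-12-04 20:23 2,268 --a------ c:\windows\system32\TDSSlxwp.dll
2008-11-26 21:55 . 2008-04-13 21:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-12-01 17:35 . 2008-12-01 17:35 <DIR> d-------- c:\program files\Kaspersky Lab
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, evidence) pairs in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED_RE.match(line)
        if m:
            size, attrs, path = m.group(3), m.group(4), m.group(5).lower()
            name = path.rsplit("\\", 1)[-1]
            if size == "<DIR>" or not name.endswith(EXEC_EXT):
                continue
            # 'h' in the attribute column is the hidden flag.
            if "h" in attrs and path.startswith(PROFILE_ROOT):
                findings.append(("hidden executable in user profile", path))
            if path.startswith(SYSTEM32) and name.startswith(SUSPECT_PREFIXES):
                findings.append(("TDSS-prefixed file in System32", path))
            continue
        m = PORT_RE.match(line)
        if m:
            findings.append((f"firewall port {m.group(1)}/{m.group(2)} globally open", line))
            continue
        m = REG_VALUE_RE.match(line)
        if (m and m.group(1).lower().endswith("override")
                and m.group(2).strip().lower() == "dword:00000001"):
            findings.append(("Security Center alert override enabled", line))
    return findings


if __name__ == "__main__":
    # Usage: python combofix_triage.py ComboFix.txt   (falls back to the sample)
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for reason, evidence in triage(text):
        print(f"[{reason}] {evidence}")
```

On the sample this yields four findings: run3.exe hidden in the proben profile, TDSSlxwp.dll in System32, the AntiVirusOverride value and the open 3389/TCP port; kbdhid.sys, the Kaspersky directory and the DU Meter autorun pass. The Security Center rule fires only on the *Override values; the DisableMonitoring=1 under Monitoring\KasperskyAntiVirus is normally written by the product itself to tell Security Center it reports its own status, so it is left alone.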

  16. #16
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10
    , :

    ?

  17. #17
    Prolemuris
    Join Date: Oct:2006
    Location: Varna
    Posts: 4,296
    , . , .

  18. #18
    Registered User
    Join Date: Dec:2005
    Location: yvr
    Posts: 5,167
    , start run "combofix /u" combofix.
    , , SuperAntiSpyware .

  19. #19
    Registered User
    Join Date: Dec:2008
    Location: kyustendil
    Posts: 10

    !

  20. #20
    ๓๓ hmm's Avatar
    Join Date: Dec:2008
    Location: hardwareBG
    Posts: 309
    Quote Originally Posted by vankokn View Post

    !
    . . , "iexplore.exe" Task Manager, CPU Memory. .

  21. #21
    Nostrum IvO's Avatar
    Join Date: Jun:2008
    Location: HOME.WAD
    Posts: 1,334
    Quote Originally Posted by hmm View Post
    . . , "iexplore.exe" Task Manager, CPU Memory. .

    ? Internet Explorer? / ( , 7+).

  22. #22
    ๓๓ hmm's Avatar
    Join Date: Dec:2008
    Location: hardwareBG
    Posts: 309
    , IE, Firefox.

  23. #23
    Nostrum IvO's Avatar
    Join Date: Jun:2008
    Location: HOME.WAD
    Posts: 1,334
    Quote Originally Posted by hmm View Post
    , IE, Firefox.

    Firefox, IE? , "" "unload"- . , , Firefox " ".

  24. #24
    ๓๓ hmm's Avatar
    Join Date: Dec:2008
    Location: hardwareBG
    Posts: 309
    IE Windows Update.

  25. #25
    Nostrum IvO's Avatar
    Join Date: Jun:2008
    Location: HOME.WAD
    Posts: 1,334
    Quote Originally Posted by hmm View Post
    IE Windows Update.

    . - ( , ) "kill"- ( "IEXPLORE.EXE" "End Process"). , "" , ? ... .

Copyright © 1999-2011 . .
iskamPC.com | mobility.BG | Bloody's Techblog | | 3D Vision Blog |