-
4th December 2008 18:51 #1Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
?
, Trojan-Downloader.Win32.Agent.akwa Heur.Trojan.Generic . , http://www.kaspersky.com/, http://windowsupdate.microsoft.com/ .. IE, Opera, Mozilla Firefox.
Ping 127.0.0.1 localhost. C:\WINDOWS\system32\drivers\etc hosts e, ( HostsFileReader, ), !
Spybot - Search & Destroy ( , ).
HijackThis, :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:14, on 04.12.2008 .
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\bgsvcgen.exe
c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\sms\sms.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper Shim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1218891957546
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7431 bytes
(google.com )
( save),
,
-
4th December 2008 19:42 #2Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
ComboFix
-
4th December 2008 19:44 #3Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
!
-
4th December 2008 19:46 #4Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
-
4th December 2008 20:18 #5Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
-
4th December 2008 20:30 #6Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
-
4th December 2008 20:22 #7Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
Device Manager View/Show Hidden Devices, non-plug and play drivers. .
-
4th December 2008 20:29 #8Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
-
4th December 2008 20:35 #9Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
ilko ,
, disable TDSSServ
-
4th December 2008 20:37 #10Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
txt , C:\ComboFix.
-
4th December 2008 20:38 #11Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
"disable TDSSServ" !
-
4th December 2008 20:40 #12Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
, Device Manager disabled; ComboFix .
-
4th December 2008 20:49 #13Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
, :
http://www.silentrunners.org/Silent%20Runners.vbs
, 2-3 , , .
- Silent Runners.vbs Startup Programs...
-
4th December 2008 21:10 #14Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
( 4 )!
"disable TDSSServ" ComboFix. ( ) :
ComboFix 08-12-03.04 - Vanko 2008-12-04 20:52:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.1582 [GMT 2:00]
Running from: C:\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1
'PV' is not recognized as an internal or external command
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\Vanko\Application Data\gadcom
c:\documents and settings\Vanko\Application Data\gadcom\gadcom.exe
c:\documents and settings\Vanko\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\Drivers\TDSSpaxt.sys
c:\windows\system32\msupdte.exe
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSStkdv.log
c:\windows\update.exe
E:\install.exe
----- BITS: Possible infected sites -----
hxxp://rapidshare.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 20:40 . 2008-12-04 21:02 1,261,600 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-04 20:40 . 2008-12-04 21:02 180,256 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-04 20:40 . 2008-12-04 21:02 13,032 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-04 20:40 . 2008-12-04 21:02 1,696 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-04 20:34 . 2008-12-04 20:44 3,057,531 -ra------ C:\ComboFix.exe
2008-12-04 19:07 . 2008-12-04 19:07 <DIR> d-------- c:\program files\FRISK Software
2008-12-04 19:07 . 2008-12-04 19:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\FRISK Software
2008-12-04 19:07 . 2007-10-22 09:48 579,808 --a------ c:\windows\system32\drivers\FStopW.sys
2008-12-03 19:23 . 2008-12-03 19:23 <DIR> d-------- c:\program files\HostsMan
2008-12-03 19:23 . 2008-12-03 22:58 <DIR> d-------- c:\documents and settings\Vanko\Application Data\abelhadigital.com
2008-12-03 19:23 . 2008-12-03 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\abelhadigital.com
2008-12-03 19:12 . 2008-12-03 19:12 <DIR> d-------- c:\program files\BillP Studios
2008-12-03 19:12 . 2008-12-03 19:12 <DIR> d-------- c:\documents and settings\Vanko\Application Data\WinPatrol
2008-12-03 17:58 . 2008-08-16 14:48 2,577 --a------ c:\windows\system32\config.bak
2008-12-03 17:58 . 2008-08-16 14:48 2,577 --a------ c:\windows\config.nt
2008-12-03 17:58 . 2002-08-29 14:00 1,688 --a------ c:\windows\system32\autoexec.bak
2008-12-03 17:58 . 2002-08-29 14:00 1,688 --a------ c:\windows\autoexec.nt
2008-12-03 15:34 . 2008-12-03 15:34 <DIR> d-------- c:\program files\Safer Networking
2008-12-02 18:04 . 2008-12-02 18:04 <DIR> d-------- c:\documents and settings\proben\Application Data\uTorrent
2008-12-02 18:03 . 2008-12-02 18:03 20,480 --ah----- c:\documents and settings\proben\run3.exe
2008-12-02 18:03 . 2008-12-02 18:03 2,786 --ah----- c:\documents and settings\proben\run1.exe
2008-12-02 18:02 . 2008-12-02 18:02 <DIR> d-------- c:\documents and settings\proben\Bluetooth Software
2008-12-02 18:02 . 2008-12-02 18:03 <DIR> d-------- c:\documents and settings\proben
2008-12-02 18:02 . 2008-04-14 02:12 221,184 --a------ c:\windows\system32\wmpns.dll
2008-12-02 14:43 . 2008-12-02 17:55 14,336 --ah----- c:\documents and settings\Vanko\run2.exe
2008-12-01 23:56 . 2008-12-01 23:56 <DIR> d-------- c:\documents and settings\Administrator
2008-12-01 23:15 . 2008-12-01 23:15 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 19:44 . 2008-12-02 00:04 2,785 --ah----- c:\documents and settings\Vanko\run1.exe
2008-12-01 17:35 . 2008-12-01 17:35 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-01 17:35 . 2008-12-04 21:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-01 17:35 . 2008-12-01 17:35 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-01 17:35 . 2008-12-01 17:35 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-01 17:31 . 2008-12-01 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-01 11:57 . 2008-12-04 20:23 2,268 --a------ c:\windows\system32\TDSSlxwp.dll
2008-11-27 21:38 . 2008-11-27 21:38 97 --a------ c:\windows\wininit.ini
2008-11-26 21:55 . 2008-04-13 21:39 14,592 --a------ c:\windows\system32\drivers\kbdhid.sys
2008-11-26 21:55 . 2008-04-13 21:39 14,592 --a--c--- c:\windows\system32\dllcache\kbdhid.sys
2008-11-24 11:52 . 2008-11-24 11:52 <DIR> d-------- c:\windows\Hidden Secrets - The Nightmare
2008-11-24 11:52 . 2008-12-01 20:58 <DIR> d-------- c:\program files\Hidden Secrets - The Nightmare
2008-11-24 11:52 . 2008-11-24 11:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\HiddenSecretsNightmare
2008-11-23 22:58 . 2008-12-02 00:04 20,480 --ah----- c:\documents and settings\Vanko\run3.exe
2008-11-22 13:26 . 2008-11-22 13:26 <DIR> d-------- c:\documents and settings\Vanko\Application Data\Dragon Altar Games
2008-11-21 19:29 . 2008-11-21 19:29 <DIR> d-------- c:\program files\Patriot Games
2008-11-21 19:29 . 2008-11-21 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-11-20 19:37 . 2008-11-20 19:38 <DIR> d-------- c:\documents and settings\Vanko\Application Data\SecretIslandEng
2008-11-17 19:15 . 2008-11-17 19:15 <DIR> d-------- c:\documents and settings\Vanko\Application Data\Artogon
2008-11-14 18:20 . 2008-11-17 19:13 <DIR> d-------- c:\program files\Games
2008-11-12 19:29 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:29 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:00 . 2008-11-11 20:00 218,376 --a------ c:\windows\system32\klogon.dll
2008-11-11 19:58 . 2008-11-11 19:58 25,601 --a------ c:\windows\system32\drivers\klopp.dat
2008-11-11 17:38 . 2008-11-11 17:38 <DIR> d-------- c:\program files\Seagate
2008-11-11 17:37 . 2008-11-11 17:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-09 23:18 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-11-09 23:18 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-11-09 23:17 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-09 23:17 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-11-09 23:17 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-11-09 23:17 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 18:21 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 18:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-04 17:27 --------- d-----w c:\program files\Common Files\Look312P
2008-12-04 17:07 --------- d-----w c:\documents and settings\Vanko\Application Data\Skype
2008-12-04 16:51 --------- d-----w c:\documents and settings\Vanko\Application Data\skypePM
2008-12-04 15:06 --------- d-----w c:\program files\DC++
2008-12-02 23:04 --------- d-----w c:\documents and settings\Vanko\Application Data\uTorrent
2008-12-02 16:32 --------- d-----w c:\program files\Nokia
2008-12-02 12:53 --------- d-----w c:\documents and settings\Vanko\Application Data\ReGet Software
2008-11-21 23:38 --------- d-----w c:\program files\Duplicate File Finder
2008-11-18 18:51 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-13 08:56 --------- d-----w c:\program files\Google
2008-11-09 21:18 --------- d-----w c:\program files\Common Files\PCSuite
2008-11-09 21:18 --------- d-----w c:\program files\Common Files\Nokia
2008-11-09 21:10 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-11-03 10:44 --------- d-----w c:\documents and settings\All Users\Application Data\PassMark
2008-11-01 00:08 --------- d-----w c:\program files\Opera
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 21:21 --------- d-----w c:\program files\Recuva
2008-10-17 21:02 --------- d-----w c:\program files\ASDFVisuals
2008-10-15 09:48 --------- d-----w c:\program files\BFG
2008-10-15 09:47 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-10-15 09:44 --------- d-----w c:\program files\PopCap Games
2008-10-13 11:36 --------- d-----w c:\program files\Tropix 2 - The Quest For the Golden Banana
2008-10-10 16:28 --------- d-----w c:\documents and settings\Vanko\Application Data\dvdcss
2008-10-06 16:32 --------- d-----w c:\program files\FileRecovery for MultiMediaCard
2008-10-06 11:33 --------- d-----w c:\program files\F-Recovery for SD
2008-10-04 09:12 --------- d-----w c:\program files\WMR11
2008-09-30 15:28 286,720 ----a-w c:\windows\iun506.exe
2008-09-28 09:43 737,280 ----a-w c:\windows\iun6002.exe
2007-03-09 07:12 27,648 --sha-w c:\windows\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-13 8466432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-11 576104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\ReGet Software\\ReGet Deluxe\\ReGetDx.exe"=
"e:\\Spark Unlimited\\Legendary\\Binaries\\Legendary.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\DRIVERS\FStopW.sys [2008-12-04 579808]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService [2008-08-16 1386008]
R2 FPAVServer;F-PROT Antivirus for Windows system;"c:\program files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe" [2007-10-24 18016]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys []
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-08-19 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-08-19 8320]
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{16664848-0E00-11D2-8059-000000000000} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Do&wnload by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_Link.htm
IE: Download A&ll by ReGet Deluxe - c:\program files\Common Files\ReGet Shared\CC_All.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FireFox -: Profile - c:\documents and settings\Vanko\Application Data\Mozilla\Firefox\Profiles\36rah3qv.default\
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\program files\Picasa2\npPicasa2.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
Completion time: 2008-12-04 21:03:35 - machine was rebooted [Vanko]
ComboFix-quarantined-files.txt 2008-12-04 19:03:34
Pre-Run: 18,745,319,424 bytes free
Post-Run: 21,280,362,496 bytes free
218 --- E O F --- 2008-11-12 17:31:51
, ?
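Post #1 reports that kaspersky.com and windowsupdate.microsoft.com could not be reached from any browser and that the hosts file was inspected, and the ComboFix log above lists TDSS-named files and services plus Security Center values (AntiVirusOverride, DisableMonitoring) set to 1. The following is an added example, not code from this thread or from ComboFix/HijackThis: a small Python triage that flags exactly those indicators in a constructed log excerpt and a constructed hosts file (the sample texts and the watched-domain list are assumptions).

```python
import re

# Constructed excerpt modelled on the ComboFix log posted above (not the full log).
SAMPLE_LOG = """\
c:\\windows\\system32\\Drivers\\TDSSpaxt.sys
c:\\windows\\system32\\msupdte.exe
c:\\windows\\system32\\TDSScfum.dll
c:\\windows\\system32\\drivers\\klbg.sys
-------\\Legacy_TDSSSERV.SYS
-------\\Service_TDSSserv.sys
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Constructed hosts file: vendor/update domains pinned to loopback next to the normal entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.kaspersky.com   # blocks the AV vendor site
127.0.0.1       windowsupdate.microsoft.com
"""

TDSS_FILE = re.compile(r"\\(TDSS[a-z0-9]+\.(?:sys|dll|dat|log))$", re.I)
TDSS_SVC = re.compile(r"\\(?:Legacy|Service)_(TDSS\w+)", re.I)
SC_OVERRIDE = re.compile(r'^"(AntiVirusOverride|FirewallOverride|DisableMonitoring)"=dword:0*1$')
OPEN_PORT = re.compile(r'^"(\d+):(TCP|UDP)"=')


def triage(log_text):
    """Return (kind, detail) findings from ComboFix-style log lines.

    Registry values are only judged under the key whose [..] header preceded them,
    so "DisableMonitoring" is reported with the product subkey it belongs to."""
    findings, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]            # new registry key header
            continue
        if m := TDSS_FILE.search(line):
            findings.append(("tdss_file", m.group(1)))
        elif m := TDSS_SVC.search(line):
            findings.append(("tdss_service", m.group(1)))
        elif (m := SC_OVERRIDE.match(line)) and key and "security center" in key.lower():
            findings.append(("security_center_off", key.rsplit("\\", 1)[-1] + ":" + m.group(1)))
        elif (m := OPEN_PORT.match(line)) and key and "globallyopenports" in key.lower():
            findings.append(("open_port", m.group(1) + "/" + m.group(2)))
    return findings


def hosts_overrides(hosts_text, watched=("kaspersky.com", "microsoft.com")):
    """Return (ip, hostname) entries that pin a watched domain or any subdomain of it."""
    hits = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            host = name.lower()
            if any(host == d or host.endswith("." + d) for d in watched):
                hits.append((ip, name))
    return hits


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
    for ip, host in hosts_overrides(SAMPLE_HOSTS):
        print(f"hosts override        {host} -> {ip}")
```

A finding of "security_center_off" means the Security Center has been told to stop reporting on a product, which is worth checking whenever an AV appears installed but its sites are unreachable.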
-
4th December 2008 21:27 #15Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
, ?? ilko . - , . - "rootkit".
P.S. \Windows\System32 "TDSS". .
Last edited by vbdasc; 4th December 2008 at 21:32.
-
4th December 2008 21:39 #16Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
, :
?
-
4th December 2008 21:42 #17Prolemuris
Join Date: Oct:2006
Location: Varna
Posts: 4,296
, . , .
-
4th December 2008 22:10 #18Registered User
Join Date: Dec:2005
Location: yvr
Posts: 5,167
, start run "combofix /u" combofix.
, , SuperAntiSpyware .
-
4th December 2008 22:21 #19Registered User
Join Date: Dec:2008
Location: kyustendil
Posts: 10
!