i'v got the cry_tap-2 virus can you help ? [CLOSED]

i'v ran the combofix ........ is it fixed !!!!!

ComboFix 08-04-15.1 - Owner 2008-04-15 19:12:17.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1804 [GMT -4:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 05:20 . 2008-04-15 05:20 <DIR> d-------- C:\Users\All Users\ocvpdipl
2008-04-15 05:20 . 2008-04-15 05:20 <DIR> d-------- C:\Users\All Users\kbyfsxid
2008-04-15 05:20 . 2008-04-15 05:20 <DIR> d-------- C:\ProgramData\ocvpdipl
2008-04-15 05:20 . 2008-04-15 05:20 <DIR> d-------- C:\ProgramData\kbyfsxid
2008-04-03 19:57 . 2008-04-03 19:57 <DIR> d-------- C:\Users\All Users\ExtendMedia
2008-04-03 19:57 . 2008-04-03 19:57 <DIR> d-------- C:\ProgramData\ExtendMedia
2008-04-02 22:22 . 2008-04-02 22:22 <DIR> d-------- C:\Users\Owner\AppData\Roaming\acccore
2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\ProgramData\Viewpoint
2008-04-02 22:20 . 2008-04-02 22:20 <DIR> d-------- C:\Program Files\Viewpoint
2008-04-02 22:19 . 2008-04-02 22:22 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-04-02 22:19 . 2008-04-02 22:19 <DIR> d-------- C:\Users\All Users\AOL
2008-04-02 22:19 . 2008-04-02 22:22 <DIR> d-------- C:\ProgramData\AOL OCP
2008-04-02 22:19 . 2008-04-02 22:19 <DIR> d-------- C:\ProgramData\AOL
2008-04-02 22:19 . 2008-04-02 22:19 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-04-02 22:18 . 2008-04-02 22:21 <DIR> d-------- C:\Program Files\AIM6
2008-04-02 22:18 . 2008-04-02 22:21 351 --ah----- C:\IPH.PH
2008-03-31 22:58 . 2008-03-31 22:58 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-31 03:14 . 2008-04-03 19:57 <DIR> d-------- C:\Program Files\Showtime
2008-03-31 03:13 . 2008-03-31 03:13 <DIR> d-------- C:\Program Files\OpenCASE
2008-03-28 00:42 . 2008-03-28 00:42 <DIR> d-------- C:\Program Files\Hamachi
2008-03-28 00:42 . 2008-03-28 00:42 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-03-25 15:30 . 2008-03-25 15:30 <DIR> d-------- C:\Program Files\Safari
2008-03-25 15:29 . 2008-03-25 15:29 <DIR> d-------- C:\Program Files\iTunes
2008-03-25 15:29 . 2008-03-25 15:29 <DIR> d-------- C:\Program Files\iPod
2008-03-23 22:42 . 2008-03-23 22:43 92 --a------ C:\Windows\lexstat.ini
2008-03-23 22:37 . 1997-04-08 20:08 299,520 --a------ C:\Windows\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 20:47 --------- d-----w C:\Users\Owner\AppData\Roaming\Hamachi
2008-04-09 00:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 00:14 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-01 11:15 --------- d-----w C:\Users\Owner\AppData\Roaming\Apple Computer
2008-03-25 19:29 --------- d-----w C:\ProgramData\Apple Computer
2008-03-06 07:45 --------- d-----w C:\Users\Owner\AppData\Roaming\Yahoo!
2008-03-06 07:45 --------- d-----w C:\ProgramData\Yahoo!
2008-03-06 07:44 --------- d-----w C:\Program Files\Yahoo!
2008-03-04 13:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 21:38 --------- d-----w C:\Program Files\Uniblue
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-27 06:12 --------- d-----w C:\Users\Owner\AppData\Roaming\Spare Backup
2008-02-27 04:17 --------- d-----w C:\Users\Owner\AppData\Roaming\PeerNetworking
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-16 03:37 65,936 ----a-w C:\Windows\system32\drivers\tmtdi.sys
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 08:06 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:03 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:03 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:03 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:03 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-07 15:31 0 ----a-w C:\Users\Owner\AppData\Roaming\wklnhst.dat
2008-02-01 08:21 245,408 ----a-w C:\Windows\System32\unicows.dll
2008-01-21 18:16 174 --sha-w C:\Program Files\desktop.ini
2008-01-21 17:11 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-21 17:11 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-21 17:11 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-21 17:11 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-21 17:11 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-21 17:10 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-21 17:10 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-21 17:10 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-21 17:10 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-21 17:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-01-21 17:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-21 17:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-21 17:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-21 17:07 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-01-21 17:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-21 17:06 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-01-21 17:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-21 17:04 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-21 17:03 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-01-21 17:02 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-01-21 17:02 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-21 16:48 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-01-21 16:48 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-01-21 16:48 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-01-21 16:48 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-01-21 16:48 33,624 ----a-w C:\Windows\System32\wups.dll
2008-01-21 16:48 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-01-21 16:48 163,000 ----a-w C:\Windows\System32\wuwebv.dll
2008-01-21 16:48 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-01-21 16:48 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 13:04 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"ocvpdipl"="C:\ProgramData\ocvpdipl\mridmtsj.exe" [2008-04-15 05:20 98304]
"mbfGrDDCyR"="C:\ProgramData\kbyfsxid\ajapkhkd.exe" [2008-04-15 05:20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 13:06 1006264]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 14:10 1398024]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
c:\program files\Bigfix\bigfix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT GWY]
--a------ 2007-08-07 12:24 298496 C:\Program Files\Gateway\EzTune\DTHtml.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-11-15 19:58 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher]
%WINDIR%\SMINST\launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-09-06 15:12 323216 C:\Program Files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-29 03:43 8466432 C:\Windows\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 03:43 81920 C:\Windows\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-06-29 03:43 86016 C:\Windows\system32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
--a------ 2007-02-09 13:17 694008 C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-11-02 16:38 303104 C:\Windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
--a------ 2007-07-13 00:27 5252936 C:\Program Files\Spare Backup\SpareBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.2.191.0\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.2.191.0\OEAddOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.2.191.0\ZangoSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{844A2BDE-EC16-4B48-A444-343FE931AF6F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E175A46-A93F-47D2-9937-6BEE04AA533E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{875A4F8A-AB1B-4B54-B9F8-AEAFDA74A29A}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{096C5F00-C8FE-4816-BB9A-429EEC30EE04}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{101B222E-D80B-4BE7-9DC0-151BA89B6A72}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A58C31DC-5B8C-4B18-B43B-94FDD74D11C3}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5357E945-512B-4B55-81CC-7C3595B2B4FF}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{48C8995E-FC24-430A-A284-A291262C48F9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5FB7A0C3-1E69-466F-AA29-45D1D23F3484}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{12581DB9-2D82-4CAB-9DDF-857F08EF38EE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{EFD0F834-286E-4CFD-B225-5B088F074B97}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1D7FE7B7-BED4-4F5C-AC10-6CB935AF09FF}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8FEB0402-6565-4B46-8331-50B761DB49B0}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0ACD558E-BDCE-4B45-8C69-D5E7F5518E32}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{E6C26182-2D9A-4DFF-AA5E-14BADBF83EC3}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 OpenCASE Media Agent;OpenCASE Media Agent;"C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2008-03-17 14:46]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\system32\drivers\AVer88xHD.sys [2007-04-08 23:47]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 19:15:10
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 19:16:11
ComboFix-quarantined-files.txt 2008-04-15 23:16:06

Pre-Run: 400,946,167,808 bytes free
Post-Run: 401,053,085,696 bytes free
.
2008-04-09 00:14:41 --- E O F ---

i'v got the cry_tap-2 virus can you help ? [CLOSED]

#1
3made

Posted 15 April 2008 - 06:09 PM

Advertisements

#2
greyknight17

Posted 20 April 2008 - 04:35 PM

#3
greyknight17

Posted 26 April 2008 - 06:45 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

i'v got the cry_tap-2 virus can you help ? [CLOSED]

#1 3made Posted 15 April 2008 - 06:09 PM

Advertisements

#2 greyknight17 Posted 20 April 2008 - 04:35 PM

#3 greyknight17 Posted 26 April 2008 - 06:45 PM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
3made

Posted 15 April 2008 - 06:09 PM

#2
greyknight17

Posted 20 April 2008 - 04:35 PM

#3
greyknight17

Posted 26 April 2008 - 06:45 PM