
soft.update365.us - soft.update999.cn - alman.nad virus [RESOLVED]


  • This topic is locked

#1
asetat

    New Member

  • Member
  • Pip
  • 4 posts
Hi there,

In spite of being very careful, I'm having trouble with that stupid trojan and virus alerts for 2 days now. I tried Kaspersky 6 and NOD32 to detect and clean the cause, but had no luck so far.

Well, here are the details.

I cannot see the Temporary Internet Files folder, which should be in:

C:\Documents and Settings\Administrator\Local Settings folder.


And those GIFs are created periodically; after deleting them, they appear again some time later in the C:\Documents and Settings\Administrator\Local Settings\Temp folder.

Posted Image

NOD32 is alerting like crazy about those GIFs; you can see the quarantine screenshots below.

Posted Image

Posted Image


Finally, you can see the ComboFix and HijackThis logs below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:13:06, on 01.06.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mspaint.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8171A73-9B72-4831-9CC4-D09BAFD783BD}: NameServer = 4.2.2.2,4.2.2.4
O21 - SSODL: JavaView - {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2007 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 8647 bytes


ComboFix 08-05-29.1 - Administrator 2008-06-01 4:09:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.497 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-TRK.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\ravmonlog
C:\WINDOWS\system32\gmnait.cfg
C:\WINDOWS\system32\jyjlt.cfg
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\sehhter.cfg
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\xfgnxfn.cfg

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 03:03 . 2008-06-01 03:03 <DIR> d-------- C:\WINDOWS\system32\tr
2008-06-01 03:03 . 2008-06-01 03:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-01 03:03 . 2008-06-01 03:03 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-01 03:00 . 2008-06-01 03:00 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-01 02:46 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-06-01 02:46 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-06-01 02:44 . 2004-08-04 00:36 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2008-06-01 02:08 . 2008-06-01 02:08 <DIR> d-------- C:\fsaua.data
2008-05-31 21:08 . 2008-05-31 21:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 21:08 . 2008-05-31 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 21:07 . 2008-05-31 21:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-31 11:43 . 2008-05-31 11:43 <DIR> d-------- C:\Program Files\Marsu-Fix
2008-05-31 11:43 . 2008-05-31 11:43 159,847 --a------ C:\WINDOWS\Marsu-Fix Uninstaller.exe
2008-05-31 11:39 . 2008-05-31 11:39 <DIR> d-------- C:\Program Files\ESET
2008-05-31 11:30 . 2008-05-31 11:30 2,828 --ahs---- C:\WINDOWS\klif.spi
2008-05-31 05:20 . 2003-05-31 06:15 280 ---hs---- C:\WINDOWS\system32\ydgn.cfg
2008-05-31 05:20 . 2008-05-31 05:20 280 ---hs---- C:\WINDOWS\system32\dhugtj.cfg
2008-05-30 19:33 . 2008-05-30 19:33 18,048 --a------ C:\WINDOWS\system32\drivers\eth8023.sys
2008-05-30 19:28 . 2008-05-31 06:15 552 ---hs---- C:\WINDOWS\system32\sthth.cfg
2008-05-30 19:28 . 2008-05-30 19:28 280 ---hs---- C:\WINDOWS\system32\dscef.cfg
2008-05-30 19:28 . 2008-05-30 19:28 144 ---hs---- C:\WINDOWS\system32\xfgnfx.cfg
2008-05-30 19:28 . 2008-05-30 19:28 144 ---hs---- C:\WINDOWS\system32\kduy.cfg
2008-05-30 19:28 . 2008-05-30 19:28 144 ---hs---- C:\WINDOWS\system32\chmfcmh.cfg
2008-05-30 19:20 . 2008-05-30 19:20 144 ---hs---- C:\WINDOWS\system32\ghjkdr.cfg
2008-05-30 19:20 . 2008-05-30 19:35 24 --a------ C:\WINDOWS\system32\pzwmaime.sys
2008-05-30 17:45 . 2008-05-30 17:45 45,748 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-30 17:38 . 2008-05-30 17:39 <DIR> d-------- C:\Program Files\Picasa2
2008-05-30 17:38 . 2008-05-30 17:38 <DIR> d-------- C:\Program Files\Google
2008-05-30 17:16 . 2008-05-30 17:17 <DIR> d-------- C:\Program Files\eMule
2008-05-19 01:03 . 2008-05-19 01:03 <DIR> d-------- C:\Program Files\Total Training
2008-05-18 08:23 . 2008-05-18 08:23 <DIR> d-------- C:\WINDOWS\system32\3Planesoft
2008-05-18 08:23 . 2008-05-18 08:23 <DIR> d-------- C:\Program Files\Flag 3D Screensaver
2008-05-18 08:23 . 2008-05-18 08:23 <DIR> d-------- C:\Program Files\3Planesoft Screensaver Manager
2008-05-16 19:40 . 2008-05-16 19:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\My Games
2008-05-13 19:57 . 2008-05-13 19:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Printer Info Cache
2008-05-13 19:57 . 2008-05-22 13:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Image Zone Express

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 00:39 9,216 ----a-w C:\WINDOWS\AppPatch\AcXtrnel.dll
2008-05-31 23:03 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-31 19:49 --------- d-----w C:\Program Files\QuickTime
2008-05-31 18:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-05-31 08:44 13,824 ----a-w C:\WINDOWS\AppPatch\Jview.dll
2008-05-31 02:16 --------- d-----w C:\Program Files\Save Flash
2008-05-30 16:33 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-05-23 12:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IM
2008-05-16 18:13 --------- d-----w C:\Program Files\Macromedia
2008-05-16 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-13 16:47 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HP
2008-05-04 16:30 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
2008-05-04 15:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICQ
2008-04-26 19:11 --------- d-----w C:\Program Files\ICQ6
2008-04-23 22:21 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-21 00:19 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-04-21 00:19 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-14 16:15 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 16:03 331,264 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 16:01 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 16:01 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 16:01 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 16:01 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 16:01 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 16:01 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 16:01 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 15:59 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 15:58 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll
2008-04-14 15:58 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll
2008-04-14 15:58 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 15:58 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 15:44 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:44 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:44 68,480 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:44 46,464 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:44 120,064 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:43 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 15:43 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 15:43 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 15:42 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:42 154,112 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:40 78,336 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 15:40 78,336 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 15:40 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:40 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:40 24,704 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:39 49,152 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 15:39 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:38 64,896 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:38 552,960 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 15:38 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:37 65,536 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 15:37 272,896 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:37 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:36 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 15:36 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:36 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 15:35 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:35 44,672 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:35 41,472 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:35 41,088 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:34 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:33 30,208 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:33 23,168 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:33 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-14 06:00 988,160 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 06:00 424,960 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 06:00 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 23:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VidaOne
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2004-08-08 16:20 520 --sh--w C:\WINDOWS\system32\fxwmbime.sys
2004-08-08 02:21 520 --sh--w C:\WINDOWS\system32\xzfhbjpg.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
2008-06-01 01:59 45056 --a------ C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 12:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2008-05-31 21:09 4579328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"JavaView"= {DA191DE0-AA86-D04E-4B87-2A3D4928BE99} - C:\WINDOWS\AppPatch\Jview.dll [2008-05-31 11:44 13824]
"ThunderAdvise"= {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll [2008-06-01 01:59 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"SENTINEL"= snti386.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^SolidWorks Task Scheduler Engine.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programlar\Başlangıç\SolidWorks Task Scheduler Engine.lnk
backup=C:\WINDOWS\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 20:54 623992 D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 10:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bittorrent]
C:\WINDOWS\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 19:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 16:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:35 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
d:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Program Files\Real Desktop\Real Desktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SolidWorks_CheckForUpdates]
-ra------ 2007-09-10 15:15 6460696 C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
d:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\orbixd.exe"=
"C:\\Program Files\\Dassault Systemes\\B17\\intel_a\\code\\bin\\CNEXT.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"C:\\Program Files\\seba14mods\\µtorrent 1.7.2 Leecher Pack\\utorrent 1.7.2_mult10_leecher.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\seba14mods\\µtorrent 1.7.2 Leecher Pack\\utorrent 1.7.2_original.exe"=
"C:\\Program Files\\seba14mods\\µtorrent 1.7.2 Leecher Pack\\utorrent 1.7.2_mult100_leecher.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12697:TCP"= 12697:TCP:NortonAV
"18203:TCP"= 18203:TCP:NortonAV
"13088:TCP"= 13088:TCP:NortonAV

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 15:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 12:39]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 23:53]
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service []
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe" [2007-07-23 10:05]
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys [2008-05-30 19:33]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []
S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 04:13:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"
.
Completion time: 2008-06-01 4:17:10
ComboFix-quarantined-files.txt 2008-06-01 01:16:57

10 Dizin 96,321,646,592 bayt boş
14 Dizin 96,291,745,792 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-TRK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

313 --- E O F --- 2008-05-31 08:46:13



Well, any ideas please?

I don't want to format my PC, I have almost 50 GB of program data installed :)

Edited by asetat, 31 May 2008 - 08:15 PM.


#2
asetat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Any ideas please?

:)

#3
asetat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
..

Edited by asetat, 02 June 2008 - 04:21 PM.


#4
asetat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Don't need it anymore..

I just formatted the PC..

That damn thing drove me crazy..

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.