Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Rdriv.sys - Please help!

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 1 posts
Please can you help me??
This is my log. I need some help with the Rdriv.sys troyan

Logfile of HijackThis v1.99.1
Scan saved at 18:45:18, on 14/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Archivos de programa\DLink\Software Bluetooth\bin\btwdins.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\ewido\security suite\ewidoguard.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
C:\Archivos de programa\Archivos comunes\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Archivos de programa\Logitech\MouseWare\system\em_exec.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Microsoft Office\Office\3082\msoffice.exe
C:\Archivos de programa\DLink\Software Bluetooth\BTTray.exe
C:\Archivos de programa\Microsoft Office\Office\OSA.EXE
C:\Archivos de programa\Outlook Express\msimn.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Archivos de programa\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Archivos de programa\Archivos comunes\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunServices: [Microsoft Windows Scaner] scaner.exe
O4 - HKLM\..\RunServices: [boqamah] dytevevi.exe
O4 - HKLM\..\RunServices: [uteyilix] givohise.exe
O4 - HKLM\..\RunServices: [Dxedases] asdxxxfes.exe
O4 - HKLM\..\RunServices: [Sakemsneql] simenu.exe
O4 - HKLM\..\RunServices: [apyginapygin] simenu.exe
O4 - HKLM\..\RunServices: [Casddwqs] vcxvzgqefa.exe
O4 - HKLM\..\RunServices: [igamatu] atecaca.exe
O4 - HKLM\..\RunServices: [upyxo] yujixit.exe
O4 - HKLM\..\RunServices: [Pantera] pantera.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Windows SpooltPrint Service] spooltsrv.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [lify] yujixit.exe
O4 - HKLM\..\RunServices: [Windows Spoolsre Service] spoolsre.exe
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [avbeawd] cxzewa.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Barra de acceso directo de Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BTTray.lnk = C:\Archivos de programa\DLink\Software Bluetooth\BTTray.exe
O4 - Global Startup: Inicio de Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Search - http://kz.bar.need2f...earch.html?p=KZ
O8 - Extra context menu item: Enviar a &Bluetooth - C:\Archivos de programa\DLink\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\DLink\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\DLink\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\ARCHIV~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn...eUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFE0DF75-50ED-4B5B-A2BB-7B95C1A25024}: NameServer =
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: 16504 - Unknown owner - \\\Admin$\eraseme_86241.exe (file missing)
O23 - Service: 41723 - Unknown owner - \\\Admin$\eraseme_43352.exe (file missing)
O23 - Service: 55434 - Unknown owner - \\\Admin$\eraseme_62132.exe (file missing)
O23 - Service: 62711 - Unknown owner - \\\Admin$\eraseme_07215.exe (file missing)
O23 - Service: 78267 - Unknown owner - \\\Admin$\eraseme_01274.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Archivos de programa\DLink\Software Bluetooth\bin\btwdins.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows Debugger - Unknown owner - C:\WINNT\sysnt.exe
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP