Everything posted by elero

  1. That's why I think a progress bar is not necessary
  2. Thank you, so I won't get the trick?
  3. Can anyone send me a PM with details? My wife shouldn't run with admin account
  4. Is that true? No update in limited user account?
  5. Will MBAM also get this icon?
  6. You can try TrendMicro HouseCall which also works with Firefox instead of Panda Active Scan
  7. Thank you for MBAM and the great help!
  8. IceSword did it, the keys are gone. Thank you for your help!
  9. Hello! The machine can get onto this forum and AVG updates! But it seems that there are some registry keys that can't be deleted:
    HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys\modules
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gaopdxserv.sys\modules
    I tried to delete them with regedit, but I got the message that the keys couldn't be deleted. Is there any way to get rid of these keys?
  10. Sorry, it seems that AVG Anti-Rootkit has deleted the file? MBAM log file is clean now:

    Malwarebytes' Anti-Malware 1.33
    Database version: 1666
    Windows 5.1.2600 Service Pack 3

    19.01.2009 13:46:32
    mbam-log-2009-01-19 (13-46-32).txt

    Scan type: Quick Scan
    Objects scanned: 54274
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ___________________________________________________________

    RootRepeal:
    Drivers: Found 134 drivers (0 hidden)!
    Processes: Found 38 processes (0 hidden, 0 locked)
    Stealth Objects: Found 116 stealth objects!
    Hidden Services: Found 1 hidden services!

    When I want to copy the file I get this: (see screenshot)
    So the machine isn't clean?
  11. ROOTREPEAL © AD, 2007-2008
    ==================================================
    Scan Time: 2009/01/19 11:07
    Program Version: Version
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: 1394BUS.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS  Address: 0xF7607000  Size: 57344  File Visible: -  Status: -
    Name: Aavmker4.SYS  Image Path: C:\WINDOWS\System32\Drivers\Aavmker4.SYS  Address: 0xF77AF000  Size: 19072  File Visible: -  Status: -
    Name: ACPI.sys  Image Path: ACPI.sys  Address: 0xF748F000  Size: 188800  File Visible: -  Status: -
    Name: ACPI_HAL  Image Path: \Driver\ACPI_HAL  Address: 0x804D7000  Size: 2265088  File Visible: -  Status: -
    Name: afd.sys  Image Path: C:\WINDOWS\System32\drivers\afd.sys  Address: 0xB6E1A000  Size: 138496  File Visible: -  Status: -
    Name: arp1394.sys  Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys  Address: 0xF7877000  Size: 60800  File Visible: -  Status: -
    Name: aswFsBlk.sys  Image Path: C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys  Address: 0xF77EF000  Size: 32768  File Visible: -  Status: -
    Name: aswMon2.SYS  Image Path: C:\WINDOWS\System32\Drivers\aswMon2.SYS  Address: 0xB67B7000  Size: 87296  File Visible: -  Status: -
    Name: aswRdr.SYS  Image Path: C:\WINDOWS\System32\Drivers\aswRdr.SYS  Address: 0xB5386000  Size: 15136  File Visible: -  Status: -
    Name: aswSP.SYS  Image Path: C:\WINDOWS\System32\Drivers\aswSP.SYS  Address: 0xB6D37000  Size: 131072  File Visible: -  Status: -
    Name: aswTdi.SYS  Image Path: C:\WINDOWS\System32\Drivers\aswTdi.SYS  Address: 0xF740E000  Size: 41152  File Visible: -  Status: -
    Name: atapi.sys  Image Path: atapi.sys  Address: 0xF796F000  Size: 98304  File Visible: -  Status: -
    Name: atapi.sys  Image Path: atapi.sys  Address: 0x00000000  Size: 0  File Visible: -  Status: -
    Name: atksgt.sys  Image Path: C:\WINDOWS\system32\DRIVERS\atksgt.sys  Address: 0xB56D8000  Size: 271360  File Visible: -  Status: -
    Name: atl01_xp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\atl01_xp.sys  Address: 0xBA6DD000  Size: 35840  File Visible: -  Status: -
    Name: ATMFD.DLL  Image Path: C:\WINDOWS\System32\ATMFD.DLL  Address: 0xBFFA9000  Size: 286720  File Visible: -  Status: -
    Name: audstub.sys  Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys  Address: 0xF7AC0000  Size: 3072  File Visible: -  Status: -
    Name: Beep.SYS  Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS  Address: 0xF79D3000  Size: 4224  File Visible: -  Status: -
    Name: BOOTVID.dll  Image Path: C:\WINDOWS\system32\BOOTVID.dll  Address: 0xF7897000  Size: 12288  File Visible: -  Status: -
    Name: Cdfs.SYS  Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS  Address: 0xBAF4E000  Size: 63744  File Visible: -  Status: -
    Name: cdrom.sys  Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys  Address: 0xBA69D000  Size: 62976  File Visible: -  Status: -
    Name: CLASSPNP.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS  Address: 0xF7657000  Size: 53248  File Visible: -  Status: -
    Name: disk.sys  Image Path: disk.sys  Address: 0xF7647000  Size: 36352  File Visible: -  Status: -
    Name: dmio.sys  Image Path: dmio.sys  Address: 0xF7832000  Size: 154112  File Visible: -  Status: -
    Name: dmload.sys  Image Path: dmload.sys  Address: 0xF798B000  Size: 5888  File Visible: -  Status: -
    Name: drmk.sys  Image Path: C:\WINDOWS\system32\drivers\drmk.sys  Address: 0xF744E000  Size: 61440  File Visible: -  Status: -
    Name: dump_atapi.sys  Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys  Address: 0xB6C9D000  Size: 98304  File Visible: No  Status: -
    Name: dump_WMILIB.SYS  Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS  Address: 0xF79E3000  Size: 8192  File Visible: No  Status: -
    Name: Dxapi.sys  Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys  Address: 0xB6E92000  Size: 12288  File Visible: -  Status: -
    Name: dxg.sys  Image Path: C:\WINDOWS\System32\drivers\dxg.sys  Address: 0xBF9C3000  Size: 73728  File Visible: -  Status: -
    Name: dxgthk.sys  Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys  Address: 0xF7A9B000  Size: 4096  File Visible: -  Status: -
    Name: Fips.SYS  Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS  Address: 0xBAFAE000  Size: 44672  File Visible: -  Status: -
    Name: fltmgr.sys  Image Path: fltmgr.sys  Address: 0xBAFE0000  Size: 129792  File Visible: -  Status: -
    Name: Fs_Rec.SYS  Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS  Address: 0xF79D1000  Size: 7936  File Visible: -  Status: -
    Name: ftdisk.sys  Image Path: ftdisk.sys  Address: 0xF7858000  Size: 126336  File Visible: -  Status: -
    Name: gaopdxcfqxblak.sys  Image Path: C:\WINDOWS\system32\drivers\gaopdxcfqxblak.sys  Address: 0xB6F50000  Size: 163840  File Visible: -  Status: Hidden from Windows API!
    Name: GEARAspiWDM.sys  Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys  Address: 0xBAB72000  Size: 9984  File Visible: -  Status: -
    Name: hal.dll  Image Path: C:\WINDOWS\system32\hal.dll  Address: 0x80700000  Size: 134400  File Visible: -  Status: -
    Name: HDAudBus.sys  Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys  Address: 0xB999E000  Size: 163840  File Visible: -  Status: -
    Name: HIDCLASS.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS  Address: 0xBAF6E000  Size: 36864  File Visible: -  Status: -
    Name: HIDPARSE.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS  Address: 0xF776F000  Size: 28672  File Visible: -  Status: -
    Name: hidusb.sys  Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys  Address: 0xB6F40000  Size: 10368  File Visible: -  Status: -
    Name: HTTP.sys  Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys  Address: 0xB5155000  Size: 264832  File Visible: -  Status: -
    Name: imapi.sys  Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys  Address: 0xBA6AD000  Size: 42112  File Visible: -  Status: -
    Name: intelppm.sys  Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys  Address: 0xBA6ED000  Size: 40448  File Visible: -  Status: -
    Name: ipnat.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys  Address: 0xB6E64000  Size: 152832  File Visible: -  Status: -
    Name: ipsec.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys  Address: 0xB6F15000  Size: 75264  File Visible: -  Status: -
    Name: isapnp.sys  Image Path: isapnp.sys  Address: 0xF7617000  Size: 37632  File Visible: -  Status: -
    Name: kbdclass.sys  Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys  Address: 0xBA629000  Size: 25216  File Visible: -  Status: -
    Name: kbdhid.sys  Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys  Address: 0xB6F2C000  Size: 14720  File Visible: -  Status: -
    Name: KDCOM.DLL  Image Path: C:\WINDOWS\system32\KDCOM.DLL  Address: 0xF7987000  Size: 8192  File Visible: -  Status: -
    Name: kmixer.sys  Image Path: C:\WINDOWS\system32\drivers\kmixer.sys  Address: 0xB4CC3000  Size: 172416  File Visible: -  Status: -
    Name: ks.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys  Address: 0xB9943000  Size: 143360  File Visible: -  Status: -
    Name: KSecDD.sys  Image Path: KSecDD.sys  Address: 0xBAF17000  Size: 92288  File Visible: -  Status: -
    Name: lirsgt.sys  Image Path: C:\WINDOWS\system32\DRIVERS\lirsgt.sys  Address: 0xF7817000  Size: 18048  File Visible: -  Status: -
    Name: mnmdd.SYS  Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS  Address: 0xF79D5000  Size: 4224  File Visible: -  Status: -
    Name: mouclass.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys  Address: 0xBA621000  Size: 23552  File Visible: -  Status: -
    Name: mouhid.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys  Address: 0xB6F34000  Size: 12288  File Visible: -  Status: -
    Name: MountMgr.sys  Image Path: MountMgr.sys  Address: 0xF7627000  Size: 42368  File Visible: -  Status: -
    Name: mrxdav.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys  Address: 0xB5743000  Size: 180608  File Visible: -  Status: -
    Name: mrxsmb.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys  Address: 0xB6D7F000  Size: 455296  File Visible: -  Status: -
    Name: Msfs.SYS  Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS  Address: 0xF778F000  Size: 19072  File Visible: -  Status: -
    Name: msgpc.sys  Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys  Address: 0xF76D7000  Size: 35072  File Visible: -  Status: -
    Name: mssmbios.sys  Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys  Address: 0xF7923000  Size: 15488  File Visible: -  Status: -
    Name: Mup.sys  Image Path: Mup.sys  Address: 0xBAE43000  Size: 105344  File Visible: -  Status: -
    Name: NDIS.sys  Image Path: NDIS.sys  Address: 0xBAE5D000  Size: 182656  File Visible: -  Status: -
    Name: ndistapi.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys  Address: 0xBAB6A000  Size: 10112  File Visible: -  Status: -
    Name: ndisuio.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys  Address: 0xB6D5B000  Size: 14592  File Visible: -  Status: -
    Name: ndiswan.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys  Address: 0xB992C000  Size: 91520  File Visible: -  Status: -
    Name: NDProxy.SYS  Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS  Address: 0xF745E000  Size: 40576  File Visible: -  Status: -
    Name: netbios.sys  Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys  Address: 0xBAFBE000  Size: 34688  File Visible: -  Status: -
    Name: netbt.sys  Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys  Address: 0xB6E3C000  Size: 162816  File Visible: -  Status: -
    Name: nic1394.sys  Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys  Address: 0xBA6CD000  Size: 61824  File Visible: -  Status: -
    Name: Npfs.SYS  Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS  Address: 0xF7797000  Size: 30848  File Visible: -  Status: -
    Name: Ntfs.sys  Image Path: Ntfs.sys  Address: 0xBAE8A000  Size: 574976  File Visible: -  Status: -
    Name: ntoskrnl.exe  Image Path: C:\WINDOWS\system32\ntoskrnl.exe  Address: 0x804D7000  Size: 2265088  File Visible: -  Status: -
    Name: Null.SYS  Image Path: C:\WINDOWS\System32\Drivers\Null.SYS  Address: 0xB70B7000  Size: 2944  File Visible: -  Status: -
    Name: nv4_disp.dll  Image Path: C:\WINDOWS\System32\nv4_disp.dll  Address: 0xBF9D5000  Size: 6111232  File Visible: -  Status: -
    Name: nv4_mini.sys  Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys  Address: 0xB99DA000  Size: 6557408  File Visible: -  Status: -
    Name: ohci1394.sys  Image Path: ohci1394.sys  Address: 0xF75F7000  Size: 61696  File Visible: -  Status: -
    Name: parport.sys  Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys  Address: 0xB9966000  Size: 80384  File Visible: -  Status: -
    Name: PartMgr.sys  Image Path: PartMgr.sys  Address: 0xF770F000  Size: 19712  File Visible: -  Status: -
    Name: ParVdm.SYS  Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS  Address: 0xB6691000  Size: 7040  File Visible: -  Status: -
    Name: pci.sys  Image Path: pci.sys  Address: 0xF747E000  Size: 68224  File Visible: -  Status: -
    Name: PCI_PNP2096  Image Path: \Driver\PCI_PNP2096  Address: 0x00000000  Size: 0  File Visible: No  Status: -
    Name: pciide.sys  Image Path: pciide.sys  Address: 0xF7A4F000  Size: 3328  File Visible: -  Status: -
    Name: PCIIDEX.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS  Address: 0xF7707000  Size: 28672  File Visible: -  Status: -
    Name: PnpManager  Image Path: \Driver\PnpManager  Address: 0x804D7000  Size: 2265088  File Visible: -  Status: -
    Name: portcls.sys  Image Path: C:\WINDOWS\system32\drivers\portcls.sys  Address: 0xB70FA000  Size: 147456  File Visible: -  Status: -
    Name: psched.sys  Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys  Address: 0xB991B000  Size: 69120  File Visible: -  Status: -
    Name: ptilink.sys  Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys  Address: 0xBA639000  Size: 17792  File Visible: -  Status: -
    Name: PxHelp20.sys  Image Path: PxHelp20.sys  Address: 0xF7667000  Size: 35712  File Visible: -  Status: -
    Name: rasacd.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys  Address: 0xB8708000  Size: 8832  File Visible: -  Status: -
    Name: rasl2tp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys  Address: 0xF76A7000  Size: 51328  File Visible: -  Status: -
    Name: raspppoe.sys  Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys  Address: 0xF76B7000  Size: 41472  File Visible: -  Status: -
    Name: raspptp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys  Address: 0xF76C7000  Size: 48384  File Visible: -  Status: -
    Name: raspti.sys  Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys  Address: 0xBA631000  Size: 16512  File Visible: -  Status: -
    Name: RAW  Image Path: \FileSystem\RAW  Address: 0x804D7000  Size: 2265088  File Visible: -  Status: -
    Name: rdbss.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys  Address: 0xB6DEF000  Size: 175744  File Visible: -  Status: -
    Name: RDPCDD.sys  Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys  Address: 0xF79D7000  Size: 4224  File Visible: -  Status: -
    Name: rdpdr.sys  Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys  Address: 0xB98DA000  Size: 196224  File Visible: -  Status: -
    Name: redbook.sys  Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys  Address: 0xF7697000  Size: 57728  File Visible: -  Status: -
    Name: rootrepeal.sys  Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys  Address: 0xF76E7000  Size: 45056  File Visible: No  Status: -
    Name: RtkHDAud.sys  Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys  Address: 0xB711E000  Size: 4927488  File Visible: -  Status: -
    Name: SCSIPORT.SYS  Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS  Address: 0xF74BE000  Size: 98304  File Visible: -  Status: -
    Name: serenum.sys  Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys  Address: 0xBAB76000  Size: 15744  File Visible: -  Status: -
    Name: serial.sys  Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys  Address: 0xBA6BD000  Size: 65536  File Visible: -  Status: -
    Name: spcu.sys  Image Path: spcu.sys  Address: 0xF74D6000  Size: 1048576  File Visible: No  Status: -
    Name: sptd  Image Path: \Driver\sptd  Address: 0x00000000  Size: 0  File Visible: No  Status: -
    Name: sr.sys  Image Path: sr.sys  Address: 0xBAFCE000  Size: 73472  File Visible: -  Status: -
    Name: srv.sys  Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys  Address: 0xB557E000  Size: 333952  File Visible: -  Status: -
    Name: swenum.sys  Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys  Address: 0xF79C5000  Size: 4352  File Visible: -  Status: -
    Name: sysaudio.sys  Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys  Address: 0xB664B000  Size: 60800  File Visible: -  Status: -
    Name: tcpip.sys  Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys  Address: 0xB6EBC000  Size: 361600  File Visible: -  Status: -
    Name: TDI.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS  Address: 0xBA641000  Size: 20480  File Visible: -  Status: -
    Name: termdd.sys  Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys  Address: 0xF76F7000  Size: 40704  File Visible: -  Status: -
    Name: tmcomm.sys  Image Path: C:\WINDOWS\system32\drivers\tmcomm.sys  Address: 0xB55D0000  Size: 97280  File Visible: -  Status: -
    Name: update.sys  Image Path: C:\WINDOWS\system32\DRIVERS\update.sys  Address: 0xB9828000  Size: 384768  File Visible: -  Status: -
    Name: usbccgp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys  Address: 0xF77B7000  Size: 32128  File Visible: -  Status: -
    Name: USBD.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS  Address: 0xF79CF000  Size: 8192  File Visible: -  Status: -
    Name: usbehci.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys  Address: 0xBA649000  Size: 30208  File Visible: -  Status: -
    Name: usbhub.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys  Address: 0xF742E000  Size: 59520  File Visible: -  Status: -
    Name: USBPORT.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS  Address: 0xB997A000  Size: 147456  File Visible: -  Status: -
    Name: usbprint.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbprint.sys  Address: 0xF7787000  Size: 25856  File Visible: -  Status: -
    Name: usbuhci.sys  Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys  Address: 0xBA651000  Size: 20608  File Visible: -  Status: -
    Name: vga.sys  Image Path: C:\WINDOWS\System32\drivers\vga.sys  Address: 0xF7777000  Size: 20992  File Visible: -  Status: -
    Name: VIDEOPRT.SYS  Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS  Address: 0xB99C6000  Size: 81920  File Visible: -  Status: -
    Name: VolSnap.sys  Image Path: VolSnap.sys  Address: 0xF7637000  Size: 53760  File Visible: -  Status: -
    Name: wanarp.sys  Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys  Address: 0xF7887000  Size: 34560  File Visible: -  Status: -
    Name: watchdog.sys  Image Path: C:\WINDOWS\System32\watchdog.sys  Address: 0xF77BF000  Size: 20480  File Visible: -  Status: -
    Name: wdmaud.sys  Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys  Address: 0xB59A0000  Size: 83072  File Visible: -  Status: -
    Name: Win32k  Image Path: \Driver\Win32k  Address: 0xBF800000  Size: 1847296  File Visible: -  Status: -
    Name: win32k.sys  Image Path: C:\WINDOWS\System32\win32k.sys  Address: 0xBF800000  Size: 1847296  File Visible: -  Status: -
    Name: WMILIB.SYS  Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS  Address: 0xF7989000  Size: 8192  File Visible: -  Status: -
    Name: WMIxWDM  Image Path: \Driver\WMIxWDM  Address: 0x804D7000  Size: 2265088  File Visible: -  Status: -
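Editor's note on the RootRepeal dump above: the one entry that matters is gaopdxcfqxblak.sys with "Status: Hidden from Windows API!", meaning RootRepeal found the module by walking kernel structures while the documented enumeration API did not return it. The "File Visible: No" column is a weaker signal, since crash-dump copies of the boot storage stack (dump_*), the scanner's own rootrepeal.sys and the SPTD disc-emulation driver objects (sptd, PCI_PNPnnnn) routinely show it on a clean XP box. The Python below is an added example, not RootRepeal's code and not from the original post. It parses a forum-flattened RootRepeal Drivers section and separates the two signals; the allow-list of expected no-file names and the sample records (copied from the log above) are constructed for the example and should be tuned to the machine being examined.

```python
"""Triage a pasted RootRepeal "Drivers" section (added example, not RootRepeal code)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One record = Name / Image Path / Address / Size / File Visible / Status.
# Forum posts strip the line breaks, so the text is whitespace-normalised first
# and records are split on the field labels instead of on newlines.
RECORD_RE = re.compile(
    r"Name:\s+(?P<name>\S+)\s+"
    r"Image Path:\s+(?P<path>.+?)\s+"
    r"Address:\s+(?P<address>0x[0-9A-Fa-f]+)\s+"
    r"Size:\s+(?P<size>\d+)\s+"
    r"File Visible:\s+(?P<visible>\S+)\s+"
    r"Status:\s+(?P<status>.+?)(?=\s+Name:\s|\Z)"
)

# Constructed allow-list (assumption): names that report "File Visible: No"
# without being malicious on a typical XP install. Lower-case prefixes.
EXPECTED_NO_FILE: Tuple[str, ...] = ("dump_", "rootrepeal.sys", "sptd", "pci_pnp")

# Constructed sample: seven records copied from the log in the post above.
SAMPLE_LOG = r"""Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB6C9D000 Size: 98304 File Visible: No Status: - Name: gaopdxcfqxblak.sys Image Path: C:\WINDOWS\system32\drivers\gaopdxcfqxblak.sys Address: 0xB6F50000 Size: 163840 File Visible: - Status: Hidden from Windows API! Name: PCI_PNP2096 Image Path: \Driver\PCI_PNP2096 Address: 0x00000000 Size: 0 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF76E7000 Size: 45056 File Visible: No Status: - Name: spcu.sys Image Path: spcu.sys Address: 0xF74D6000 Size: 1048576 File Visible: No Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Status: - Name: tcpip.sys Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys Address: 0xB6EBC000 Size: 361600 File Visible: - Status: -"""


@dataclass
class Driver:
    name: str
    path: str
    address: int
    size: int
    file_visible: str
    status: str


def parse_drivers(text: str) -> List[Driver]:
    """Parse every Name:...Status: record from a RootRepeal Drivers section."""
    flat = " ".join(text.split())  # collapse the forum-flattened whitespace
    return [
        Driver(
            name=m["name"],
            path=m["path"],
            address=int(m["address"], 16),
            size=int(m["size"]),
            file_visible=m["visible"],
            status=m["status"].strip(),
        )
        for m in RECORD_RE.finditer(flat)
    ]


def hidden_drivers(drivers: List[Driver]) -> List[Driver]:
    """Strong signal: RootRepeal saw the module in kernel memory but the
    Windows API did not list it (any Status other than '-')."""
    return [d for d in drivers if d.status != "-"]


def unbacked_drivers(drivers: List[Driver],
                     allow_prefixes: Tuple[str, ...] = EXPECTED_NO_FILE) -> List[Driver]:
    """Weaker signal: no visible file on disk, after removing the usual benign
    cases. Anything left here (e.g. a randomly named sp??.sys) still needs a
    human look; it is not automatically malicious."""
    return [
        d for d in drivers
        if d.file_visible.lower() == "no"
        and not d.name.lower().startswith(allow_prefixes)
    ]


if __name__ == "__main__":
    found = parse_drivers(SAMPLE_LOG)
    print(f"{len(found)} driver records parsed")
    for d in hidden_drivers(found):
        print(f"HIDDEN   {d.name} at 0x{d.address:08X} ({d.size} bytes): {d.status}")
    for d in unbacked_drivers(found):
        print(f"NO FILE  {d.name} at 0x{d.address:08X}: investigate")
```

Running it against the constructed sample reports gaopdxcfqxblak.sys as hidden and leaves only spcu.sys in the no-file bucket for manual review; the dump_*, rootrepeal.sys, sptd and PCI_PNP2096 entries are filtered by the allow-list.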
  12. So I also have to format the USB stick?
  13. I can't find the file in Windows Explorer, why is this? Hidden files are visible. AVG update doesn't work and I can't connect to this forum on the infected machine.
  14. elero


  15. Malwarebytes' Anti-Malware 1.33
    Database version: 1665
    Windows 5.1.2600 Service Pack 3

    18.01.2009 14:02:31
    mbam-log-2009-01-18 (14-02-27).txt

    Scan type: Quick Scan
    Objects scanned: 54417
    Time elapsed: 2 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\gaopdxxwhowipl.dll (Trojan.DNSChanger) -> No action taken.

    ________________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:18:25, on 18.01.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programme\Lexmark 1200 Series\lxczbmgr.exe
    C:\Programme\FreePDF_XP\fpassist.exe
    C:\Programme\iTunes\iTunesHelper.exe
    C:\Programme\Lexmark 1200 Series\lxczbmon.exe
    C:\Programme\Winamp\winampa.exe
    C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programme\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programme\AVG\AVG8\avgui.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\AVG\AVG8\avgscanx.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Dokumente und Einstellungen\Bia\Desktop\trendmicro.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Programme\Lexmark 1200 Series\lxczbmgr.exe"
    O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
    O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6470 bytes
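Editor's note on the HijackThis log above: HijackThis only enumerates user-mode autostart points, and none of the O2/O4/O9/O18/O20/O23 entries reference the gaopdxxwhowipl.dll that MBAM detected in the same post, which is consistent with the later RootRepeal scan finding a hidden kernel driver instead. The Python below is an added example, not HijackThis code and not from the original post. It applies the checks an analyst makes by hand on such a log: a service whose binary is gone or whose owner is "Unknown owner" (the ArcSoft entry), an AppInit_DLLs value (here AVG's avgrsstx.dll, which on XP is loaded into every process that links user32.dll), and a process or Run entry started from a user-profile directory (the HouseCall scanner run from the desktop). The profile-root list and the excerpted sample log are constructed for the example.

```python
"""Triage HijackThis 2.0.x log entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List

# Every HJT entry is "<section> - <payload>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<payload>.+)$")
# O23: "Service: <display> (<short>) - <owner> - <path>"; the "(<short>)" part
# is absent for some services (see "Apple Mobile Device" in the log above).
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
# O4: "<hive>\..\Run: [<name>] <command>"
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# Constructed for this example (assumption): user-profile roots on a German
# and an English XP install. Compared case-insensitively.
PROFILE_ROOTS = ("c:\\dokumente und einstellungen\\", "c:\\documents and settings\\")

# Constructed sample: an excerpt of the log in the post above.
SAMPLE_HJT = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:25, on 18.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Dokumente und Einstellungen\Bia\Desktop\trendmicro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orf.at/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Finding:
    section: str   # HJT section ("O23", "O20", ...) or "proc" for Running processes
    subject: str   # service short name, DLL list, Run value name or process path
    reason: str


def _from_profile(path: str) -> bool:
    return path.lower().lstrip('"').startswith(PROFILE_ROOTS)


def triage_hjt(log: str) -> List[Finding]:
    """Walk the log once; the 'Running processes:' block is a list of bare
    paths that ends at the first blank line or the first R/O entry."""
    findings: List[Finding] = []
    in_procs = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs and line and not ENTRY_RE.match(line):
            if _from_profile(line):
                findings.append(Finding("proc", line, "process running from a user profile"))
            continue
        in_procs = False
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, payload = m["section"], m["payload"]
        if section == "O23":
            s = SERVICE_RE.match(payload)
            if not s:
                continue
            subject = s["short"] or s["display"]
            if "(file missing)" in s["path"]:
                findings.append(Finding(section, subject, "service binary missing on disk"))
            if s["owner"] == "Unknown owner":
                findings.append(Finding(section, subject, "service has no vendor/owner string"))
        elif section == "O20" and payload.startswith("AppInit_DLLs:"):
            dlls = payload.split(":", 1)[1].strip()
            if dlls:
                findings.append(Finding(section, dlls,
                                        "AppInit_DLLs is loaded into every process that links user32.dll"))
        elif section == "O4":
            r = RUN_RE.match(payload)
            if r and _from_profile(r["cmd"]):
                findings.append(Finding(section, r["name"], "Run entry launched from a user profile"))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f.section:5} {f.reason}: {f.subject}")
```

On the constructed excerpt this yields four findings: the HouseCall scanner running from the user's desktop, the avgrsstx.dll AppInit entry, and two for the ACDaemon service (missing binary, unknown owner). All four are explainable from the thread (the user ran HouseCall, AVG is installed, ArcSoft was uninstalled), which is the point: the tool narrows the log to what a human must confirm rather than deciding for them.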
  16. No, what's that? I also think it is an infection, because I can't connect to this forum on the other machine. One file can't be deleted by MBAM. How can I get rid of this:
    Files Infected:
    C:\WINDOWS\system32\gaopdxxwhowipl.dll (Trojan.DNSChanger) -> No action taken.
    mbam_log_2009_01_18__14_02_27_.txt
  17. The same goes for Daemon Tools?
    mbam_log_2009_01_18__02_22_41_.txt
  18. http://www.wilderssecurity.com/showpost.ph...amp;postcount=8 B)
  19. So I shouldn't save any exe-files in the C:\Users\ directory?
  20. What about the rootkit detection rate of MBAM compared to F-Secure Blacklight? Do i still need F-Secure Blacklight? (also see http://www.malwarebytes.org/forums/index.php?showtopic=4131)