
Lee20
Members
Posts: 7
Reputation: 0 Neutral
  1. Hi screen317, I thank you so much for walking me through these steps. I updated Adobe Reader and hope I can remain malware-free from now on. I guess this thread can be closed now. Thanks for your time, Greetz, Lee
  2. Hello again, as I mentioned before, there are currently no noticeable issues. I am just trying to make sure every part of the malware has been removed. Everything is running fine as far as I can tell.

     VirusTotal scan results (engine, version, last update, result):

         AhnLab-V3             2011.03.06.02    2011.03.06    -
         AntiVir               7.11.4.71        2011.03.04    -
         Antiy-AVL             2.0.3.7          2011.03.06    -
         Avast                 4.8.1351.0       2011.02.23    -
         Avast5                5.0.677.0        2011.03.05    -
         AVG                   10.0.0.1190      2011.03.05    -
         BitDefender           7.2              2011.03.06    -
         CAT-QuickHeal         11.00            2011.03.06    -
         ClamAV                0.96.4.0         2011.03.05    -
         Commtouch             5.2.11.5         2011.03.05    -
         Comodo                7890             2011.03.06    -
         DrWeb                 5.0.2.03300      2011.03.06    -
         Emsisoft              5.1.0.2          2011.03.06    -
         eSafe                 7.0.17.0         2011.03.03    -
         eTrust-Vet            36.1.8198        2011.03.04    -
         F-Prot                4.6.2.117        2011.03.05    -
         F-Secure              9.0.16440.0      2011.03.06    -
         Fortinet              4.2.254.0        2011.03.06    -
         GData                 21               2011.03.06    -
         Ikarus                T3.1.1.97.0      2011.03.06    -
         Jiangmin              13.0.900         2011.03.06    -
         K7AntiVirus           9.92.4032        2011.03.05    -
         Kaspersky             7.0.0.125        2011.03.06    -
         McAfee                5.400.0.1158     2011.03.06    -
         McAfee-GW-Edition     2010.1C          2011.03.06    -
         Microsoft             1.6603           2011.03.06    -
         NOD32                 5929             2011.03.06    -
         Norman                6.07.03          2011.03.05    -
         nProtect              2011-02-10.01    2011.02.15    -
         Panda                 10.0.3.5         2011.03.05    -
         PCTools               7.0.3.5          2011.03.06    -
         Prevx                 3.0              2011.03.06    -
         Rising                23.47.06.03      2011.03.06    -
         Sophos                4.63.0           2011.03.06    -
         SUPERAntiSpyware      4.40.0.1006      2011.03.05    -
         Symantec              20101.3.0.103    2011.03.06    -
         TheHacker             6.7.0.1.145      2011.03.06    -
         TrendMicro            9.200.0.1012     2011.03.06    -
         TrendMicro-HouseCall  9.200.0.1012     2011.03.06    -
         VBA32                 3.12.14.3        2011.03.04    -
         VIPRE                 8613             2011.03.06    -
         ViRobot               2011.3.6.4343    2011.03.05    -
         VirusBuster           13.6.236.0       2011.03.05    -

     Additional information:
         MD5   : eb77db354791a5932ca559b6f6374e95
         SHA1  : 3b29aa577ea3830aae462b31239db6f7752d5a92
         SHA256: 113816d464941c92a952f5593552e889cfda7e0389dc1b64031c3077c3cf7043
         ssdeep: 6144:rK2j7VA5sHXPdamGdWY9r3NUrLwsG6Z3xAsuwKN2m/fN7:uoVIqMmGdWY9NUvKsLXm/l7
         File size : 442880 bytes
         First seen: 2011-02-27 13:28:41
         Last seen : 2011-03-06 09:51:31
         Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
         TrID: DirectShow filter (77.7%), Win32 Executable MS Visual C++ (generic) (14.5%), Win32 Executable Generic (3.2%), Win32 Dynamic Link Library (generic) (2.9%), Generic Win/DOS Executable (0.7%)
         sigcheck:
             publisher....: Microsoft Corporation
             copyright....: © Microsoft Corporation. All rights reserved.
             product......: Microsoft_ Windows_ Operating System
             description..: Shell extensions for sharing
             original name: ntshrui.dll
             internal name: ntshrui
             file version.: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
             comments.....: n/a
             signers......: -
             signing date.: -
             verified.....: Unsigned
         PEiD: -
         PEInfo: PE structure information
             [[ basic data ]]
             entrypointaddress: 0x1F65
             timedatestamp....: 0x4CE7B97E (Sat Nov 20 12:05:18 2010)
             machinetype......: 0x14C (Intel I386)
             [[ 4 section(s) ]]
             name,   viradd,  virsiz,  rawdsiz, ntropy, md5
             .text,  0x1000,  0x2E44C, 0x2E600, 6.47,   d2313ecbd6d9a888e7fb7142eea43679
             .data,  0x30000, 0x1004,  0x1000,  2.69,   38a39fcf6a31c357494b86daa6825c6a
             .rsrc,  0x32000, 0x3A3F8, 0x3A400, 5.59,   0cf88ab3ad1401d9c44ada312acce3e7
             .reloc, 0x6D000, 0x2280,  0x2400,  6.66,   cd08d9dc41335fa52b4a9d4e2730b57b
             [[ 9 import(s) ]]
             api_ms_win_security_base_l1_1_0.dll, gdi32.dll, kernel32.dll, msvcrt.dll, ntdll.dll, propsys.dll, shell32.dll, shlwapi.dll, user32.dll
             [[ 15 export(s) ]]
             CanShareFolder, DllCanUnloadNow, DllGetClassObject, GetLocalPathFromNetResource, GetLocalPathFromNetResourceA, GetLocalPathFromNetResourceW, GetNetResourceFromLocalPath, GetNetResourceFromLocalPathA, GetNetResourceFromLocalPathW, IsFolderPrivateForUser, IsPathShared, IsPathSharedA, IsPathSharedW, SetFolderPermissionsForSharing, ShowShareFolderUI

     ESET found no infections. Log file:
         ESETSmartInstaller@High as CAB hook log:
         OnlineScanner64.ocx - registred OK
         OnlineScanner.ocx - registred OK

     Security Check log:
         Results of screen317's Security Check version 0.99.9
         Windows 7 (UAC is enabled)
         Internet Explorer 8
         ``````````````````````````````
         Antivirus/Firewall Check:
         Avira AntiVir Personal - Free Antivirus
         WMI entry may not exist for antivirus; attempting automatic update.
         Avira successfully updated!
         ```````````````````````````````
         Anti-malware/Other Utilities Check:
         Malwarebytes' Anti-Malware
         Java 6 Update 24
         Adobe Flash Player 10.2.152.26
         Adobe Reader 9.4.2 - Deutsch
         Out of date Adobe Reader installed!
         Mozilla Firefox (3.6.15)
         ````````````````````````````````
         Process Check: objlist.exe by Laurent
         Avira Antivir avgnt.exe
         Avira Antivir avguard.exe
         ``````````End of Log````````````

     I really hope there is nothing to find and I can safely go back to using the comp. for private purposes. Thanks, Lee
  3. Hi, here are the 2 logs. I just noticed Avira reactivated after the ComboFix reboot and was active while DDS ran; I hope this didn't cause any problems. Thank you again for spending your time checking if all is clean or not, it really helps me a lot!

     DDS Log
         DDS (Ver_10-12-12.02) - NTFS_AMD64
         Run by Lee Sch at 2:51:10,39 on 02.03.2011
         Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
         Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4027.2667 [GMT 1:00]
         AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
         SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
         SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
         ============= FINISH: 2:51:30,56 ===============

     Combofix Log
         ComboFix 11-02-28.07 - Lee Sch 02.03.2011 2:34.2.8 - x64
         Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4027.2842 [GMT 1:00]
         ausgef
  4. Hello again. To start off, I'm not experiencing any issues/problems at the moment. I only noticed the trojan since it doubled the " ^^ `` " symbols and googled it. I am not sure if you need this information, but I found spy.qwas.exe (Trojan.SpyEyes) with MBAM and then deleted it. A scan with Avira then marked JAVA/OpenConnect.AI as an unwanted virus and removed it (this all happened a few days ago). Currently, neither MBAM nor Avira finds any unwanted programs. My main problem is that not finding anything doesn't mean nothing is there. Here are the logs you requested; I hope the language in the MBAM log is no problem since there are no warnings etc.:

         Malwarebytes' Anti-Malware 1.50.1.1100
         www.malwarebytes.org
         Datenbank Version: 5891
         Windows 6.1.7601 Service Pack 1
         Internet Explorer 8.0.7601.17514
         27.02.2011 12:33:17
         mbam-log-2011-02-27 (12-33-17).txt
         Art des Suchlaufs: Quick-Scan
         Durchsuchte Objekte: 173248
         Laufzeit: 1 Minute(n), 47 Sekunde(n)
         Infizierte Speicherprozesse: 0
         Infizierte Speichermodule: 0
         Infizierte Registrierungsschl
  5. Thank you for the reply. I am still not sure if I am completely clean and if it is possible for you to help me I would thank you for doing so. Greets, Lee
  6. Hello Malwarebytes, I recently (yesterday) had a problem with spy.qwas.exe, and after reading through a few threads here I am not sure whether it has been successfully removed. I am using Windows 7, found the infection via Avira and used the Malwarebytes quick-scan to remove and then delete all files found. In addition to that, I ran ComboFix. All symptoms seem to be gone but I don't know if all is really safe. A full Malwarebytes and an Avira scan both showed me 0 infections/warnings. I am a bit worried if it is really gone since it managed to get to my online banking (which automatically locked up so nothing happened except for me having to reactivate it). I am not sure which logs to post since the Malwarebytes log contains no information except for that there are 0 infections etc. Should I do any further actions? Thanks in advance. Greets, Lee
  7. Hello Maniac, I'm not sure if it's ok to post this as a reply to this thread, but I had the exact same problem with spy.qwas and after reading this thread I am not sure whether it has been successfully removed. I am using Windows 7 and used the Malwarebytes quick-scan to remove and then delete all files found. In addition to that, I ran ComboFix. All symptoms seem to be gone but I don't know if all is really safe. Should I do any further actions? Thanks in advance. Greets, Lee