
Detected some backdoor trojans



This is my Malwarebytes log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8311

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/11/2011 10:49:07 AM
mbam-log-2011-12-11 (10-49-07).txt

Scan type: Quick scan
Objects scanned: 171164
Time elapsed: 10 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\016.exe (Backdoor.CycBot) -> Value: 016.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B79.exe (Backdoor.CycBot) -> Value: B79.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files (x86)\LP\E518\016.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.

DDS.Txt log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by Silent at 11:03:04 on 2011-12-11
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2046.888 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\GameTracker\GSInGameService.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Simba\Simba.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sharewareisland.com
mStart Page = hxxp://www.sharewareisland.com
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:63535
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
mSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Silent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\Silent\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOSH~1.LNK - C:\Program Files (x86)\Auto Shutdown\AutoShutdown.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{364DEB28-6DEE-44A1-91EA-3D0EF968A93F} : DhcpNameServer = 10.26.32.1
TCP: Interfaces\{55A8E47B-3F02-4ECE-A842-C32F1E49717B} : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll
BHO-X64: Veoh Web Player - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB-X64: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Program Files (x86)\Veoh_Web_Player\prxtbVeo2.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 66.235.120.101 http://www.qbyrd.com/
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Silent\AppData\Roaming\Mozilla\Firefox\Profiles\vxio2tv6.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Silent\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Silent\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Myibay Firefox extension: firefox1@myibay.com - %profile%\extensions\firefox1@myibay.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 GS In-Game Service;GS In-Game Service;C:\Program Files (x86)\GameTracker\GSInGameService.exe [2011-4-29 1677096]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-10-5 288088]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-18 2358656]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2011-9-10 21712]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-11 18:47:54 -------- d-----w- C:\Users\Silent\AppData\Roaming\88A6F
2011-12-11 18:47:37 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C33858A2-CD70-4DD3-84D1-889F33875C1B}\offreg.dll
2011-12-11 18:47:26 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C33858A2-CD70-4DD3-84D1-889F33875C1B}\mpengine.dll
2011-12-11 18:45:04 -------- d-----w- C:\Program Files (x86)\LP
2011-12-11 15:50:57 -------- d-----w- C:\Program Files (x86)\6F429
2011-12-11 14:32:47 -------- d-----w- C:\Users\Silent\AppData\Local\{AD6271C8-29A4-487C-BD94-61CB00999FA7}
2011-12-11 14:31:13 -------- d-----w- C:\Users\Silent\AppData\Local\{DF1A17C0-AA2B-470C-842D-5CBD4B61AA62}
2011-12-10 15:47:09 -------- d-----w- C:\Users\Silent\AppData\Local\{07A040ED-3E89-47EF-977A-865A32CCC447}
2011-12-10 15:45:35 -------- d-----w- C:\Users\Silent\AppData\Local\{6C5E98F1-960A-439A-89E0-38D2083994FA}
2011-12-09 14:28:56 -------- d-----w- C:\Users\Silent\AppData\Local\{02CEE87E-0A6B-4697-8C77-BD22586A057F}
2011-12-09 14:27:20 -------- d-----w- C:\Users\Silent\AppData\Local\{86BF1420-0103-43A2-ACE2-5CAEDF8A8719}
2011-12-09 08:09:26 -------- d-----w- C:\Users\Silent\AppData\Local\AutoShutdown
2011-12-09 08:08:43 -------- d-----w- C:\Program Files (x86)\Auto Shutdown
2011-12-08 14:19:47 -------- d-----w- C:\Users\Silent\AppData\Local\{5840E828-F538-46B2-9534-CCF6194633A6}
2011-12-08 14:18:11 -------- d-----w- C:\Users\Silent\AppData\Local\{75D5F7BC-4070-4A28-A61E-9B7B949E390C}
2011-12-07 14:17:22 -------- d-----w- C:\Users\Silent\AppData\Local\{A6D32175-14A1-412D-8A08-8134048FAE32}
2011-12-06 14:22:49 -------- d-----w- C:\Users\Silent\AppData\Local\{0FCCFA7E-9DBA-42D7-AB1B-92086D3184A1}
2011-12-06 14:21:13 -------- d-----w- C:\Users\Silent\AppData\Local\{EA6B59C2-F22D-4A33-B495-F28322CDE287}
2011-12-05 14:24:14 -------- d-----w- C:\Users\Silent\AppData\Local\{5640BACE-38E7-4194-8751-E35BB9C3B498}
2011-12-04 23:11:17 -------- d-----w- C:\Program Files (x86)\Key Mouse Genie
2011-12-04 23:11:10 249856 ------w- C:\Windows\Setup1.exe
2011-12-04 23:11:06 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-12-04 14:57:38 -------- d-----w- C:\Users\Silent\AppData\Local\{4E27D69A-34EF-4BEF-AC72-769F7797F8B5}
2011-12-04 14:55:58 -------- d-----w- C:\Users\Silent\AppData\Local\{430794BB-E058-46A0-B122-6DEE56D7018B}
2011-12-03 15:29:49 -------- d-----w- C:\Users\Silent\AppData\Local\{114AFBFA-9199-4718-B986-FFE11B05D363}
2011-12-03 15:28:17 -------- d-----w- C:\Users\Silent\AppData\Local\{89AF5009-CE93-4FEB-9180-3FE3418733CE}
2011-12-03 02:13:01 -------- d-----w- C:\Users\Silent\AppData\Local\{3758CEBA-5ED7-466F-859F-E5687B46B250}
2011-12-03 02:12:32 -------- d-----w- C:\Users\Silent\AppData\Local\{01AF1BB8-748D-4AC4-A548-88BC83963F1B}
2011-12-02 20:31:45 -------- d-----w- C:\Users\Silent\AppData\Local\TSVNCache
2011-12-02 20:25:36 -------- d-----w- C:\Users\Silent\AppData\Roaming\TortoiseSVN
2011-12-02 20:21:04 -------- d-----w- C:\Users\Silent\AppData\Roaming\Subversion
2011-12-02 20:20:42 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2011-12-02 20:20:39 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2011-12-02 20:20:38 -------- d-----w- C:\Program Files\TortoiseSVN
2011-12-02 19:56:26 -------- d-----w- C:\Simba
2011-12-02 19:44:59 348160 ----a-w- C:\Windows\system\msvcr71.dll
2011-12-02 14:12:05 -------- d-----w- C:\Users\Silent\AppData\Local\{99FD21BD-C48F-4EDD-8800-E0F84733B854}
2011-12-02 14:10:44 -------- d-----w- C:\Users\Silent\AppData\Local\{45ED114B-DADF-4182-8AFB-844AF684560D}
2011-12-02 08:18:41 348160 ----a-w- C:\Windows\System32\msvcr71.dll
2011-12-01 07:53:18 -------- d-----w- C:\Users\Silent\AppData\Local\{A943FB5C-5BB1-4CB2-982F-CC4A28ED0CC4}
2011-12-01 07:51:30 -------- d-----w- C:\Users\Silent\AppData\Local\{1214FD65-123E-4541-966B-B6F9131619D9}
2011-11-30 15:50:08 -------- d-----w- C:\Users\Silent\AppData\Local\{856AC223-E866-4CF7-9EC5-706BAA5B1A27}
2011-11-30 15:49:57 -------- d-----w- C:\Users\Silent\AppData\Local\{4D08F30A-1738-4A68-AFBE-357A1FAEE695}
2011-11-30 03:49:29 -------- d-----w- C:\Users\Silent\AppData\Local\{8F1109CE-D850-4CD3-A156-A63F680246F2}
2011-11-30 03:47:54 -------- d-----w- C:\Users\Silent\AppData\Local\{AC484A02-E3F7-4151-ACAE-4AD75DD11841}
2011-11-29 14:19:17 -------- d-----w- C:\Users\Silent\AppData\Local\{B1579EEB-35E1-4444-8B37-09203C95E676}
2011-11-29 14:17:40 -------- d-----w- C:\Users\Silent\AppData\Local\{359AFCAF-0E65-4C83-A1DC-3934E027F0A4}
2011-11-28 14:03:52 -------- d-----w- C:\Users\Silent\AppData\Local\{2DF8C178-D6AE-4298-A65F-EC73EA943B79}
2011-11-28 14:02:34 -------- d-----w- C:\Users\Silent\AppData\Local\{E4E12018-1112-407B-AD55-0D500C99E7FC}
2011-11-27 14:11:46 -------- d-----w- C:\Users\Silent\AppData\Local\{82054EF3-3DF8-489C-A634-7545C4D21525}
2011-11-27 14:10:25 -------- d-----w- C:\ProgramData\DivX
2011-11-27 14:10:11 -------- d-----w- C:\Users\Silent\AppData\Local\{5C1A9FEA-142E-4ABA-8DA9-D4D499C42A76}
2011-11-27 01:19:38 158056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-27 00:30:32 -------- d-----w- C:\Users\Silent\AppData\Local\{8A9F3A84-5BF8-4A00-AA8B-CC7EBA3A6AEE}
2011-11-27 00:28:58 -------- d-----w- C:\Users\Silent\AppData\Local\{B070C566-8A0A-48CC-8388-BA6AAA64CE19}
2011-11-27 00:26:26 -------- d-----w- C:\Users\Silent\AppData\Local\{ABA75D94-7F41-47F3-A27D-C3DE1CEF9FEB}
2011-11-24 05:52:34 -------- d-----w- C:\Users\Silent\AppData\Local\{8319C73E-A60E-44AD-92C6-5FDAD4073533}
2011-11-24 05:51:07 -------- d-----w- C:\Users\Silent\AppData\Local\{5A95D510-E74E-4177-94D1-295D58E8C9C9}
2011-11-24 05:47:35 -------- d-----w- C:\Users\Silent\AppData\Local\{7C46EAA1-479D-4517-8C40-17465492823A}
2011-11-24 05:45:53 -------- d-----w- C:\Users\Silent\AppData\Local\{86F1F1AF-3B8D-4FB1-8E5A-564C8A7F7508}
2011-11-23 17:40:39 -------- d-----w- C:\Users\Silent\AppData\Local\{EA554292-F823-4941-9195-3204EA67A222}
2011-11-23 17:39:18 -------- d-----w- C:\Users\Silent\AppData\Local\{14FA9EA3-1A32-4F05-B4BB-D7E82C6B578B}
2011-11-23 14:37:05 -------- d-----w- C:\Users\Silent\AppData\Local\{C2106C28-16AF-406D-AC0F-C5ABA1842376}
2011-11-23 14:22:18 -------- d-----w- C:\Users\Silent\AppData\Local\{C68BED96-6E4E-4970-886C-2F1FD6ADF6CA}
2011-11-22 14:21:32 -------- d-----w- C:\Users\Silent\AppData\Local\{1A7E6184-05E0-4E75-8E48-B56D293AA843}
2011-11-22 14:19:57 -------- d-----w- C:\Users\Silent\AppData\Local\{B51CBAB2-2A88-48F9-9CC9-CD1FB9B2A571}
2011-11-21 14:37:46 -------- d-----w- C:\Users\Silent\AppData\Local\{86DC5C39-4B04-437A-8F33-AB93A092E136}
2011-11-21 14:36:09 -------- d-----w- C:\Users\Silent\AppData\Local\{43BF3E9E-3582-4D4F-A59D-BFD3717B12C3}
2011-11-21 02:33:42 -------- d-----w- C:\Users\Silent\AppData\Local\{562143CB-E961-4530-BF3C-8E447FB2D419}
2011-11-20 14:33:16 -------- d-----w- C:\Users\Silent\AppData\Local\{7F434A88-77F5-474B-A96E-38E7A748C403}
2011-11-20 14:31:39 -------- d-----w- C:\Users\Silent\AppData\Local\{86EBBED9-6D28-440C-87D8-B9964884C6FC}
2011-11-20 01:14:39 -------- d-----w- C:\Users\Silent\AppData\Local\{B709793F-3293-45BB-952A-89C1CC26BF87}
2011-11-20 01:13:35 -------- d-----w- C:\Users\Silent\AppData\Local\{979DACAD-7629-4A2D-AAC3-13C8DBFEBFC3}
2011-11-19 13:13:09 -------- d-----w- C:\Users\Silent\AppData\Local\{2FBFA570-0B4D-4B78-B40A-88DAB8D47573}
2011-11-19 13:11:31 -------- d-----w- C:\Users\Silent\AppData\Local\{0E072B45-EA9C-4EBD-90A4-A631ADB1D4C2}
2011-11-18 13:55:24 -------- d-----w- C:\Users\Silent\AppData\Local\{F88635B3-5098-48B6-B3A8-AF4A4852C01D}
2011-11-18 13:53:43 -------- d-----w- C:\Users\Silent\AppData\Local\{2099F93D-1656-4771-89BE-C937A4FF7D86}
2011-11-17 14:11:48 -------- d-----w- C:\Users\Silent\AppData\Local\{2F41527A-0370-41B3-B250-007EA4C47F39}
2011-11-17 14:11:37 -------- d-----w- C:\Users\Silent\AppData\Local\{6109CA15-96C3-42A9-8765-9DDAE374ED05}
2011-11-17 06:49:47 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-11-17 02:11:11 -------- d-----w- C:\Users\Silent\AppData\Local\{A30487F8-09D2-4FE9-9CCF-0742556DA597}
2011-11-17 02:10:59 -------- d-----w- C:\Users\Silent\AppData\Local\{A69399A4-56BC-4989-9010-4763AFD2702D}
2011-11-16 14:10:32 -------- d-----w- C:\Users\Silent\AppData\Local\{7250D029-7D46-453D-A37A-66027367AA51}
2011-11-16 14:09:06 -------- d-----w- C:\Users\Silent\AppData\Local\{E6361CFE-A2E3-45FB-B8D4-0100DDADE154}
2011-11-15 13:55:45 -------- d-----w- C:\Users\Silent\AppData\Local\{21CF04CD-3421-49B4-AB63-2D34811909D2}
2011-11-15 13:54:32 -------- d-----w- C:\Users\Silent\AppData\Local\{7ADC17FF-81C9-4240-9FA9-4C1985CCB3EA}
2011-11-14 18:43:13 -------- d-----w- C:\Users\Silent\AppData\Local\{8527D8C6-ED59-450A-BFC7-2CD02990403D}
2011-11-14 18:42:25 -------- d-----w- C:\Users\Silent\AppData\Local\{41B8CDBE-45C9-4554-B394-9C20F1DC08A4}
2011-11-14 17:45:58 -------- d-----w- C:\Users\Silent\AppData\Local\{8564A08F-63C1-4C57-96DB-C69DE65314E8}
2011-11-14 17:45:12 -------- d-----w- C:\Users\Silent\AppData\Local\{0193752F-C3A0-4262-8A19-34F7867D0907}
2011-11-14 17:30:12 -------- d-----w- C:\Users\Silent\AppData\Local\{48C30FAE-A5B0-4446-AC2F-A269FC4A7195}
2011-11-14 17:29:25 -------- d-----w- C:\Users\Silent\AppData\Local\{787A3405-0187-4C24-BDB7-B5B8923F27B4}
2011-11-14 16:51:58 -------- d-----w- C:\Users\Silent\AppData\Local\{86B46405-ED0B-46E1-9203-87F1B7FC7EB8}
2011-11-14 16:41:47 -------- d-----w- C:\Users\Silent\AppData\Local\{E990242F-C9A7-486C-9B32-735BAAC1D796}
2011-11-14 16:40:16 -------- d-----w- C:\Users\Silent\AppData\Local\{613F863A-DA1B-4B27-89E8-3022F5274EF9}
2011-11-14 15:14:58 -------- d-----w- C:\Users\Silent\AppData\Local\{ED1A7BED-9685-4E52-91B2-C2C83D65B35D}
2011-11-14 14:32:48 -------- d-----w- C:\Users\Silent\AppData\Local\{B1D6F34B-C62B-4070-8FE4-A7C0F79EE8E9}
2011-11-14 14:08:07 -------- d-----w- C:\Users\Silent\AppData\Local\{7E9DD49C-8EA6-47A6-BE80-4F5876F7CA48}
2011-11-14 14:06:31 -------- d-----w- C:\Users\Silent\AppData\Local\{E76D1207-FA79-49AD-B8CB-A7D6658D31FC}
2011-11-13 14:29:01 -------- d-----w- C:\Users\Silent\AppData\Local\{99817E7B-F048-4044-BF59-DE70704B2267}
2011-11-13 14:27:23 -------- d-----w- C:\Users\Silent\AppData\Local\{76B2232B-BD99-4FC2-8394-275B3AF6389E}
2011-11-12 13:46:19 -------- d-----w- C:\Users\Silent\AppData\Local\{6A30E6F3-EE22-4F8B-A3C3-95CDFB8CA0CE}
2011-11-12 13:44:50 -------- d-----w- C:\Users\Silent\AppData\Local\{4F91C24E-AC57-444D-B3A8-1EA730ED526E}
2011-11-12 04:23:05 -------- d-----r- C:\Program Files (x86)\Skype
2011-11-11 19:17:23 -------- d-----w- C:\Users\Silent\AppData\Local\{1B726F14-B8F5-487E-B4BF-8B350BB689A5}
2011-11-11 19:16:04 -------- d-----w- C:\Users\Silent\AppData\Local\{67F5A944-EB6F-4B7E-87FA-B369C0DD6BBA}
.
==================== Find3M ====================
.
2011-10-03 23:41:58 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-10-03 23:41:58 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-10-03 23:41:56 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-10-03 23:41:56 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-10-03 23:41:56 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:04:19.39 ===============

ESET scanner picked up some more viruses.

C:\Program Files (x86)\6F429\lvvm.exe a variant of Win32/Kryptik.XCM trojan

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application

C:\Program Files (x86)\LP\E518\1E49.tmp a variant of Win32/Kryptik.XCM trojan

Attach.txt


2 weeks later...

Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.
