
Stolen.Data etc.



Hi, I registered because I want to know about this.

This is my scan with Malwarebytes from yesterday

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.22.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

PC :: DENISPC [administrator]

22.1.2012 19:54:53

mbam-log-2012-01-22 (19-54-53).txt

Scan type: Custom scan

Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM

Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P

Objects scanned: 619

Time elapsed: 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\PC\Application Data\data.dat (Stolen.Data) -> Quarantined and deleted successfully.

(end)

This is the scan from today

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.22.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

PC :: DENISPC [administrator]

23.1.2012 22:45:43

mbam-log-2012-01-23 (22-45-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 179927

Time elapsed: 8 minute(s), 24 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

This is the scan from today with DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by PC at 23:59:54 on 2012-01-23

Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2047.1035 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\AVAST Software\Avast\defs\12012301\Sf.bin

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DC0A1F09-A6F7-4B82-AFFC-AF395CCA1987} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

SecurityProviders: schannel.dll, credssp.dll, digest.dll

IFEO: clpsla.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"

IFEO: presentationhost.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"

IFEO: uninstall.exe - "c:\program files\tuneup utilities 2011\TUAutoReactivator32.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-10-14 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-10-14 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-10-14 13616]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-21 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-21 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-21 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-21 44768]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-1-23 40776]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2011-11-18 28672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-01-23 22:38:13 388096 ----a-r- c:\documents and settings\pc\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-01-23 22:38:12 -------- d-----w- c:\program files\Trend Micro

2012-01-23 22:35:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-01-23 00:01:25 -------- d-----w- c:\program files\Nero

2012-01-23 00:01:17 -------- d-----w- c:\documents and settings\all users\application data\Nero

2012-01-21 21:23:19 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-21 21:23:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-19 16:28:03 -------- d-----r- c:\program files\Skype

2012-01-19 15:31:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-01-19 15:31:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-01-18 23:33:46 -------- d-----w- c:\documents and settings\pc\application data\Malwarebytes

2012-01-18 23:33:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-18 23:33:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-18 14:27:04 -------- d-----w- c:\program files\AVAST Software

2012-01-18 14:27:04 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-01-15 01:24:45 -------- d-----w- c:\program files\FireFly Studios

2012-01-14 13:50:15 -------- d-----w- c:\program files\CCleaner

2012-01-14 02:07:41 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA

2012-01-13 17:51:56 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-01-13 14:57:11 -------- d-----w- c:\program files\BitTorrent

2012-01-13 14:56:28 -------- d-----w- c:\documents and settings\pc\local settings\application data\BitTorrent

2012-01-13 14:56:28 -------- d-----w- c:\documents and settings\pc\application data\BitTorrent

2012-01-12 02:54:23 222080 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 02:35:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-11 18:57:06 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe

2012-01-11 18:57:06 47616 ----a-w- c:\program files\windows media player\msoobci.dll

2012-01-11 18:56:37 -------- d-----w- c:\windows\RegisteredPackages

2012-01-11 17:54:04 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-01-11 17:54:04 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2012-01-11 17:54:03 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-01-11 17:54:03 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-01-11 17:54:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-01-11 17:53:43 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2012-01-11 17:53:24 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2012-01-11 17:53:06 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-01-11 17:52:48 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-01-11 17:52:28 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2012-01-11 17:51:58 -------- d-----w- c:\windows\Logs

2012-01-11 00:31:37 -------- d-----w- c:\program files\WhoCrashed

.

==================== Find3M ====================

.

2012-01-14 02:13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-08 16:38:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-12-08 16:31:34 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 11:10:53 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-11-20 11:10:53 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-11-20 11:10:50 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-11-10 04:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:19:40 919552 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:19:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:19:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-01 16:05:38 1289216 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

.

============= FINISH: 0:04:32,43 ===============

This is ComboFix also from today

ComboFix 12-01-23.02 - PC 24.01.2012 0:14.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2047.1196 [GMT 1:00]

Running from: c:\documents and settings\PC\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\alcrmv.exe

c:\windows\system32\drivers\Install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))

.

.

2012-01-23 22:38 . 2012-01-23 22:38 388096 ----a-r- c:\documents and settings\PC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-23 22:38 . 2012-01-23 22:38 -------- d-----w- c:\program files\Trend Micro

2012-01-23 00:05 . 2012-01-23 00:18 -------- d-----w- c:\documents and settings\PC\Application Data\Nero

2012-01-23 00:01 . 2012-01-23 00:01 -------- d-----w- c:\program files\Common Files\Nero

2012-01-23 00:01 . 2012-01-23 00:01 -------- d-----w- c:\program files\Nero

2012-01-23 00:01 . 2012-01-23 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2012-01-21 21:23 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-01-21 21:23 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-01-21 21:23 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-01-21 21:23 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-21 21:23 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-01-21 21:23 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-01-21 21:23 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-01-21 21:23 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-01-21 21:23 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-21 21:23 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe

2012-01-19 16:28 . 2012-01-23 23:17 -------- d-----w- c:\documents and settings\PC\Application Data\Skype

2012-01-19 16:28 . 2012-01-19 16:28 -------- d-----r- c:\program files\Skype

2012-01-19 15:31 . 2012-01-22 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2012-01-19 15:31 . 2012-01-19 15:33 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-01-18 23:33 . 2012-01-18 23:33 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes

2012-01-18 23:33 . 2012-01-18 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-18 23:33 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-18 18:57 . 2012-01-18 18:57 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM

2012-01-18 14:27 . 2012-01-21 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-01-18 14:27 . 2012-01-18 14:30 -------- d-----w- c:\program files\AVAST Software

2012-01-15 01:24 . 2012-01-15 01:24 -------- d-----w- c:\program files\FireFly Studios

2012-01-14 13:50 . 2012-01-14 13:50 -------- d-----w- c:\program files\CCleaner

2012-01-14 02:07 . 2012-01-14 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA

2012-01-13 17:51 . 2012-01-13 17:51 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-01-13 14:57 . 2012-01-13 14:57 -------- d-----w- c:\program files\BitTorrent

2012-01-13 14:56 . 2012-01-23 20:42 -------- d-----w- c:\documents and settings\PC\Application Data\BitTorrent

2012-01-13 14:56 . 2012-01-13 14:56 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\BitTorrent

2012-01-12 02:54 . 2011-11-15 13:29 222080 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 02:35 . 2012-01-12 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-11 18:57 . 2004-08-11 00:45 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe

2012-01-11 18:57 . 2004-08-11 00:45 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll

2012-01-11 17:54 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-01-11 17:54 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2012-01-11 17:54 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-01-11 17:54 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-01-11 17:54 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-01-11 17:53 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2012-01-11 17:53 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2012-01-11 17:53 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-01-11 17:52 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-01-11 17:52 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2012-01-11 17:51 . 2012-01-14 13:55 -------- d-----w- c:\windows\Logs

2012-01-11 16:02 . 2012-01-11 20:02 -------- d-----w- c:\documents and settings\PC\Application Data\ImgBurn

2012-01-11 15:32 . 2012-01-11 15:32 -------- d-----w- c:\program files\ImgBurn

2012-01-11 00:31 . 2012-01-21 17:35 -------- d-----w- c:\program files\WhoCrashed

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-14 02:13 . 2008-04-14 11:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-08 16:38 . 2011-12-16 21:21 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-12-08 16:31 . 2011-12-16 21:41 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-11-23 13:29 . 2011-10-14 18:06 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-10 04:54 . 2011-11-18 18:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27 . 2011-11-18 18:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:19 . 2011-10-14 18:08 919552 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:19 . 2011-10-14 18:08 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:19 . 2011-10-14 18:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-01 16:05 . 2011-10-14 18:06 1289216 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31 . 2011-10-14 18:05 33280 ----a-w- c:\windows\system32\csrsrv.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-10-14 . E17798E1E6FF1CA9C67B8576570E05EE . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders schannel.dll, credssp.dll, digest.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"ACPW05EN"="c:\program files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

.

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [14.10.2011 19:14 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [14.10.2011 19:14 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [14.10.2011 19:14 13616]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [21.1.2012 22:23 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21.1.2012 22:23 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21.1.2012 22:23 20568]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [8.12.2011 17:34 1527104]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [7.10.2010 13:34 10064]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [18.11.2011 18:20 28672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

SafeBoot-CLPSLS

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-24 00:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-01-24 00:24:42

ComboFix-quarantined-files.txt 2012-01-23 23:24

.

Pre-Run: 24.667.037.696 bytes free

Post-Run: 25.019.076.608 bytes free

.

- - End Of File - - E5E03BDEFA28E11DA535BD588445108B

attach.rar


Hi Rayleigh and :welcome:

Hi, I registered because I want to know about this.

You want more information from us about that infection, right? Here you go:

http://www.avira.com/en/support-threats-description-product/tid/6831/tlang/en

This is my scan with Malwarebytes from yesterday
This is the scan from today

Did you check for new updates before you scanned today? It seems to me that you did not.

This is ComboFix also from today

Why do you use ComboFix without the recommendation of someone who is trained to work with such tools? It's really dangerous. Please take a look at this article: Please DO NOT USE COMBOFIX on your own without supervision!!!

If you need help about this infection, let me know.

Sry for using ComboFix :)

Don't really understand this with Avira?? I had Avira last week but I removed it...

What to do next??

Yes, yesterday I updated before scanning, I think, but today it was the update from yesterday...sry again...


Don't really understand this with Avira?? I had Avira last week but I removed it...

I thought you were looking for information about the infection, so I gave you that link to Avira. I do not suggest you install it, if that's what you mean.

Step 1

Let's start with the ComboFix uninstall process. Follow the instructions here:

http://www.bleepingc...bofix#uninstall

Step 2

I see you are running TeaTimer.

I suggest you disable it, because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to the "Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, please post these log(s):

  1. Malwarebytes' Anti-Malware log
  2. new, fresh DDS log files


Step 1

Uninstalled

Step 2

Disabled

ResetTeaTimer said that there's no TeaTimer...I hope that's OK

Step 3

Updated

MBAM quick scan - clean

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.24.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

PC :: DENISPC [administrator]

24.1.2012 1:34:40

mbam-log-2012-01-24 (01-34-40).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 179609

Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30

Run by PC at 1:40:53 on 2012-01-24

Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2047.1509 [GMT 1:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DC0A1F09-A6F7-4B82-AFFC-AF395CCA1987} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

SecurityProviders: schannel.dll, credssp.dll, digest.dll

.

============= SERVICES / DRIVERS ===============

.

R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2011-10-14 13616]

R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2011-10-14 5632]

R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2011-10-14 13616]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-21 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-21 314456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-21 20568]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-21 44768]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-7 10064]

R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [2011-11-18 28672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-01-23 22:38:12 -------- d-----w- c:\program files\Trend Micro

2012-01-23 00:01:25 -------- d-----w- c:\program files\Nero

2012-01-23 00:01:17 -------- d-----w- c:\documents and settings\all users\application data\Nero

2012-01-21 21:23:19 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-21 21:23:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-19 16:28:03 -------- d-----r- c:\program files\Skype

2012-01-19 15:31:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-01-19 15:31:50 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy

2012-01-18 23:33:46 -------- d-----w- c:\documents and settings\pc\application data\Malwarebytes

2012-01-18 23:33:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-18 23:33:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-18 14:27:04 -------- d-----w- c:\program files\AVAST Software

2012-01-18 14:27:04 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-01-15 01:24:45 -------- d-----w- c:\program files\FireFly Studios

2012-01-14 13:50:15 -------- d-----w- c:\program files\CCleaner

2012-01-14 02:07:41 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA

2012-01-13 17:51:56 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-01-13 14:57:11 -------- d-----w- c:\program files\BitTorrent

2012-01-13 14:56:28 -------- d-----w- c:\documents and settings\pc\local settings\application data\BitTorrent

2012-01-13 14:56:28 -------- d-----w- c:\documents and settings\pc\application data\BitTorrent

2012-01-12 02:54:23 222080 ------w- c:\windows\system32\MpSigStub.exe

2012-01-12 02:35:49 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-01-11 18:57:06 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe

2012-01-11 18:57:06 47616 ----a-w- c:\program files\windows media player\msoobci.dll

2012-01-11 18:56:37 -------- d-----w- c:\windows\RegisteredPackages

2012-01-11 17:54:04 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-01-11 17:54:04 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2012-01-11 17:54:03 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-01-11 17:54:03 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-01-11 17:54:02 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-01-11 17:53:43 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll

2012-01-11 17:53:24 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2012-01-11 17:53:06 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll

2012-01-11 17:52:48 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2012-01-11 17:52:28 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll

2012-01-11 17:51:58 -------- d-----w- c:\windows\Logs

2012-01-11 00:31:37 -------- d-----w- c:\program files\WhoCrashed

.

==================== Find3M ====================

.

2012-01-14 02:13:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-08 16:38:12 31552 ----a-w- c:\windows\system32\TURegOpt.exe

2011-12-08 16:31:34 29504 ----a-w- c:\windows\system32\uxtuneup.dll

2011-11-23 13:29:56 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-20 11:10:53 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-11-20 11:10:53 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-11-20 11:10:50 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-11-10 04:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-10 02:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-04 19:19:40 919552 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:19:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:19:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-01 16:05:38 1289216 ----a-w- c:\windows\system32\ole32.dll

2011-10-28 05:31:00 33280 ----a-w- c:\windows\system32\csrsrv.dll

.

============= FINISH: 1:42:25,90 ===============

attach.zip


You are rightly concerned, because if you looked at this article for this infection, you may have seen what it is capable of:

Backdoor

Contact server:

The following:

• ekinox.no-ip.**********:3060

As a result it may send information and remote control could be provided.

Sends information about:

• Capture screen

• Information about the Windows operating system

Remote control capabilities:

• Start keylog

• Visit a website

Stealing

– A logging routine is started after the following website is visited, which contains one of the following substrings in the URL:

• bankofamerica.com

• facebook.com

I suggest you do at least one additional scan.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Nothing

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=f3deba10c4ecf643a58cb68ccb43fa64

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-24 04:01:57

# local_time=2012-01-24 05:01:57 (+0100, Central European Standard Time)

# country="Croatia"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 60359 60359 0 0

# compatibility_mode=8192 67108863 100 0 3758 3758 0 0

# scanned=46481

# found=0

# cleaned=0

# scan_time=2269


Okay, check with Kaspersky.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the log in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Especially Facebook. Have you paid attention to my previous post?

http://forums.malwarebytes.org/index.php?showtopic=105109&view=findpost&p=520084

Stealing

– A logging routine is started after the following website is visited, which contains one of the following substrings in the URL:

• bankofamerica.com

• facebook.com

Especially for those sites.


Are you still with me?

Yes, I'm here :)

Is something wrong?

I scan my PC every day 2-3 times with updated malwarebytes and there's nothing on it...

I changed almost every pass that was important to me, and there were no problems with someone else entering my accounts etc.

So I think I'm good for now...

You can close this thread if you want, if something happens I'll contact you to open it again.

Is that OK??


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.