
Thread: Remove Trojan

  1. #11
    Member
    Join Date
    Aug 2007
    Posts
    41

    OK, I will try, but I want to thank you. I can't find a virus with Avast and my Windows is perfect now, but I will try to do a scan with Kaspersky. THANKS KATANA

  2. #12
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    It may seem as if the machine is clean, but there will still be traces of the infection left.


    Custom CFScript
    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      Registry::
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06b29fd3-1db4-11db-bfd6-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09fdd8f8-1c8f-11db-ad05-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09fdd8f9-1c8f-11db-ad05-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b9b3d5c-843d-11db-94ae-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d88e402-5391-11db-89a0-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fc63043-f880-11da-a36c-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{115a6136-61c0-11db-ba62-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1407af90-e818-11db-bed4-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15a85c6b-2477-11db-b3d9-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cf0c3b7-314e-11db-afb6-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cf0c3b8-314e-11db-afb6-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cf0c3b9-314e-11db-afb6-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e61c96a-9284-11db-bbd2-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21625153-1f39-11db-b4e3-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25cf27b6-e9b3-11db-bf03-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283a0679-1d6d-11db-9a2f-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ad31e43-09ae-11db-b07e-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3268b536-f701-11db-a4e9-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32a631dc-4f17-11db-aaa5-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35597886-94d5-11db-b6c5-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37065c43-10cf-11db-b6e1-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d38890-3755-11db-aee6-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43084710-c977-11db-9bfc-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44c11a9d-fa23-11da-abfc-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{467169d2-f7ec-11da-a697-adfaa39dba8b}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4832dcc3-14c4-11db-9104-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4832dcc5-14c4-11db-9104-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4832dcc6-14c4-11db-9104-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4de4593f-a720-11dc-8ab7-b4b8026ac03f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{525da15c-52ed-11db-954e-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52b35e90-940f-11db-b39f-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5859915c-3eab-11db-86d0-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{595ade36-d85b-11db-a517-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f0beec3-135f-11db-a3dd-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f0beec5-135f-11db-a3dd-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61e8b136-4247-11db-a301-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6362c043-fc6a-11da-8dca-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{637be710-60e3-11db-b542-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bf4286a-fbcc-11db-afe1-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d3c81ea-deb7-11db-a86d-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dfea443-0950-11db-b714-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7197dbe8-1a9a-11db-a584-82a0fe1011cb}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{750441b6-c8b8-11db-8515-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753a3adc-b909-11db-8cb3-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75fef743-fd47-11da-923e-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77c77390-8692-11db-a81a-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a951390-b697-11db-92a5-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b671bc2-1112-11db-a19e-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b671bc3-1112-11db-a19e-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c7e12c2-18a1-11db-ae1f-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f785b36-38d6-11db-8a12-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83fb4836-82f9-11db-988c-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8552c7b6-8774-11db-a00c-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b9065b6-672b-11db-8860-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dae3b37-89de-11db-b93c-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dcc5390-680b-11db-9c10-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{929d8b90-97eb-11db-826e-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92c3828e-054d-11db-b341-841311d8bdea}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93e4c0c3-1726-11db-9d38-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c1969a8-c431-11dc-8afa-000c765fda06}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e26c936-4a20-11db-b4c8-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e57719f-226b-11db-9524-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a53333c3-0678-11db-a4d9-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af310143-0df3-11db-98ef-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b04f9dea-b9ba-11db-a35f-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1e1e9d3-2483-11db-bb13-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b20a8336-ed02-11db-9f95-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3b61636-dfa2-11db-9852-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6ff9636-890e-11db-903b-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baae2179-2142-11db-829d-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baff5dc3-08f1-11db-92cc-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc41939e-2b01-11db-b3cc-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd98325c-4fd2-11db-9b4b-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf203c6a-98b5-11db-a6fb-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12a9bc2-f93c-11da-a152-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c12a9bc3-f93c-11da-a152-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c14b0102-3832-11db-8644-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c219fb1f-1aa6-11db-ae19-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e60bc2-0a71-11db-a77d-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2e60bc3-0a71-11db-a77d-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4007490-d7a6-11db-94fe-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7499a6a-020c-11dc-8608-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c815e4c3-f9f6-11da-800f-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8c12f7a-1f01-11db-b695-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c925259f-1b07-11db-8af6-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d360ad00-c9ee-11dc-8b13-8b66f7537dd7}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d46aacf9-1a4e-11db-a581-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ded153c3-0612-11db-ba35-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0f85536-dac6-11db-a43f-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3f1a5fb-2c48-11db-8c34-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4ab73c3-1265-11db-b9f1-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f83a23-fa14-11da-b62d-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eed9e66a-c9c3-11db-bc5c-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f085265c-518a-11db-a2ad-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2510736-39a6-11db-aab7-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f43fce10-8064-11db-b020-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f43fce11-8064-11db-b020-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fdf7a000-141e-11db-a3df-cd5be6804acc}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffd175c3-1010-11db-8b14-806d6172696f}]
    • Save this as CFScript.txt and place it on your desktop.




    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #13
    Member
    Join Date
    Aug 2007
    Posts
    41

    OK, here is my log:
    ComboFix 08-02-25.3 - Viktor Salonski 2008-02-26 2:07:47.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.434 [GMT 1:00]
    Running from: C:\Documents and Settings\Viktor Salonski\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Viktor Salonski\Desktop\CFScript.txt
    * Created a new restore point.
    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-25 17:55 . 2008-02-25 17:55 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-25 16:59 . 2008-02-25 15:14 <DIR> d-------- C:\SDFix
    2008-02-24 22:58 . 2006-04-24 10:30 59,392 --a------ C:\windows.pif
    2008-02-24 22:54 . 2008-02-24 22:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-24 22:20 . 2008-02-24 22:20 <DIR> d-------- C:\Program Files\Alwil Software
    2008-02-24 22:20 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-24 22:20 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-24 22:20 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-24 22:20 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-24 22:20 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-24 22:20 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-24 22:20 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-24 22:20 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-24 19:42 . 2008-02-24 19:42 <DIR> d--hs---- C:\FOUND.037
    2008-02-22 20:57 . 2008-02-22 20:57 <DIR> d-------- C:\WINDOWS\system32\VIRepair
    2008-02-22 14:12 . 2008-02-22 14:12 28,672 --a------ C:\WINDOWS\system32\klfv.exe
    2008-02-22 14:07 . 2008-02-22 14:07 <DIR> d-------- C:\Program Files\FolderVault
    2008-02-22 14:07 . 2008-02-22 14:07 921,654 --a------ C:\WINDOWS\stones6865E094.bmp
    2008-02-22 14:07 . 2008-02-22 14:07 135,168 --a------ C:\WINDOWS\system32\Lock.dll
    2008-02-22 14:07 . 2008-02-22 14:11 1,940 --a------ C:\WINDOWS\system32\fv2.lic
    2008-02-22 14:07 . 2008-02-22 14:07 19 --a------ C:\WINDOWS\CTDChannels_Version.6865E094.cdf
    2008-02-22 13:50 . 2008-02-22 13:50 <DIR> d-------- C:\Program Files\Folder Lock
    2008-02-22 13:50 . 2007-12-02 19:54 79,920 --a------ C:\WINDOWS\system32\FLKill.exe
    2008-02-22 13:50 . 2008-02-22 14:20 20 --a------ C:\sccfg.sys
    2008-02-21 19:54 . 2008-02-21 19:54 <DIR> d--hs---- C:\FOUND.036
    2008-02-20 21:38 . 2008-02-20 21:38 <DIR> d-------- C:\Program Files\RipCast 1.9
    2008-02-19 17:40 . 2008-02-19 17:40 <DIR> d--hs---- C:\FOUND.035
    2008-02-18 20:00 . 2008-02-18 20:00 <DIR> d-------- C:\Program Files\Audacity 1.3 Beta (Unicode)
    2008-02-18 20:00 . 2008-02-18 20:00 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\Audacity
    2008-02-18 19:56 . 2008-02-18 19:56 220 --a------ C:\WINDOWS\system32\test.aok
    2008-02-18 19:55 . 2008-02-18 19:55 <DIR> d-------- C:\Program Files\Ultra Video Converter
    2008-02-18 19:55 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
    2008-02-18 19:55 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
    2008-02-18 14:18 . 2008-02-18 14:18 <DIR> d--hs---- C:\FOUND.034
    2008-02-16 14:04 . 2008-02-16 14:04 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\ViStart
    2008-02-16 13:58 . 2008-02-16 13:58 78,942 --a------ C:\WINDOWS\Icon_2.ico
    2008-02-16 13:50 . 2008-02-16 13:50 <DIR> d-------- C:\Program Files\WinFlip
    2008-02-16 13:50 . 2008-02-16 13:50 <DIR> d-------- C:\Program Files\TrueTransparency
    2008-02-16 13:50 . 2008-02-16 13:50 <DIR> d-------- C:\Program Files\Styler
    2008-02-16 13:50 . 2007-11-30 05:56 329,029 --a------ C:\WINDOWS\system32\viwc.exe
    2008-02-16 13:47 . 2008-02-16 13:47 78,942 --a------ C:\WINDOWS\Icon_1.ico
    2008-02-16 13:46 . 2008-02-16 13:46 <DIR> d-------- C:\WINDOWS\system32\VITrans
    2008-02-16 13:19 . 2008-02-16 13:19 <DIR> d-------- C:\Program Files\Safarp
    2008-02-16 03:36 . 2008-02-16 03:36 <DIR> d-------- C:\k
    2008-02-15 22:21 . 2007-12-12 16:11 851 --a------ C:\ma477.bin
    2008-02-15 19:19 . 2008-02-15 19:19 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-02-15 19:19 . 2008-02-15 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-02-15 15:24 . 2008-02-15 15:24 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2008-02-15 14:24 . 2008-02-15 14:24 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\Styler
    2008-02-15 14:23 . 2008-02-15 14:23 <DIR> d-------- C:\VTPFiles
    2008-02-15 14:23 . 2006-12-03 17:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
    2008-02-15 14:23 . 2006-12-03 17:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
    2008-02-15 14:23 . 2006-12-03 17:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
    2008-02-15 14:21 . 2008-02-15 14:21 <DIR> d-------- C:\Vista Transformation Pack 8.0.1
    2008-02-15 14:20 . 2008-02-15 14:20 <DIR> d-------- C:\MediaCoder 0.6.1 Build 4031
    2008-02-15 14:20 . 2008-02-15 14:21 <DIR> d-------- C:\Audacity 1.3.4 Beta
    2008-02-14 21:35 . 2008-02-14 21:35 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\Ulead Systems
    2008-02-14 21:33 . 2008-02-14 21:33 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
    2008-02-14 21:26 . 2008-02-14 21:26 <DIR> d-------- C:\Program Files\Bad CD DVD Reader
    2008-02-14 21:18 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2008-02-14 21:18 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
    2008-02-14 21:16 . 2008-02-14 21:16 <DIR> d-------- C:\Winamp 5 Full 5.5
    2008-02-14 21:13 . 2008-02-14 21:13 <DIR> d-------- C:\Ulead PhotoImpact X3
    2008-02-14 21:12 . 2008-02-14 21:13 <DIR> d-------- C:\SuperRam 5.1.14.2008e
    2008-02-14 21:12 . 2008-02-14 21:12 <DIR> d-------- C:\BAD CDDVD Reader
    2008-02-14 14:16 . 2008-02-14 14:16 <DIR> d-------- C:\Program Files\Nexus_Radio
    2008-02-14 13:59 . 2008-02-14 13:59 <DIR> d-------- C:\Program Files\Nexus Radio
    2008-02-14 13:55 . 2008-02-14 13:55 <DIR> d-------- C:\Program Files\JLC's Software
    2008-02-14 13:55 . 2008-02-14 13:55 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\JLC's Software
    2008-02-14 13:51 . 2008-02-14 13:51 <DIR> d-------- C:\Nexus Radio 2.1
    2008-02-14 13:51 . 2008-02-14 13:51 <DIR> d-------- C:\JLC's Internet TV 1.1.0
    2008-02-13 20:03 . 2008-02-13 20:03 <DIR> d-------- C:\Program Files\Ocean Technology
    2008-02-13 20:03 . 2008-02-13 20:03 <DIR> d-------- C:\Documents and Settings\Viktor Salonski\Application Data\InstallShield
    2008-02-13 20:03 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll
    2008-02-11 20:24 . 2008-02-11 20:24 <DIR> d-------- C:\Program Files\GameHouse
    2008-02-11 13:00 . 2008-02-11 13:00 <DIR> d--hs---- C:\FOUND.033
    2008-02-10 20:50 . 2008-02-10 21:00 26 --a------ C:\WINDOWS\Zone.Identifier
    2008-02-10 02:44 . 2008-02-10 02:44 45,056 --a------ C:\WINDOWS\system32\fsmgmt.dll
    2008-02-09 15:29 . 2008-02-09 15:29 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
    2008-02-09 15:29 . 2008-02-09 15:29 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
    2008-02-09 15:28 . 2008-02-09 15:28 <DIR> d-------- C:\Program Files\Eclypse
    2008-02-09 11:53 . 2008-02-25 18:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-09 11:53 . 2008-02-09 11:53 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-02 17:22 . 2008-02-02 17:22 <DIR> d-------- C:\Program Files\Zuma Deluxe
    2008-01-28 17:32 . 2008-02-24 22:23 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-01-28 17:19 . 2008-01-28 17:19 <DIR> d--hs---- C:\FOUND.032

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-24 21:18 17,920 ----a-w C:\WINDOWS\system32\secpol.exe
    2008-01-14 15:19 --------- d-----w C:\Program Files\Common Files\NSV
    2008-01-12 21:18 --------- d-----w C:\Program Files\SpeedFan
    2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2008-01-10 12:00 --------- d-----w C:\Program Files\PATRICIAN
    2008-01-08 21:18 --------- d-----w C:\Program Files\SourceTec
    2007-12-26 15:34 --------- d-----w C:\Program Files\DFX
    2007-12-26 15:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
    2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
    2007-06-29 18:45 17 ----a-w C:\Program Files\Sims2Pack Clean Installer.ini
    2007-08-08 13:32 801 --sha-w C:\WINDOWS\system32\mmf.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]
    2007-11-08 12:11 1502232 --a------ C:\Program Files\Nexus_Radio\tbNexu.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {E0E899AB-F487-11D5-8D29-0050BA6940E3}
    {2462D2D8-B36E-44AB-84BF-C5A9383D2429}

    [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{2462D2D8-B36E-44AB-84BF-C5A9383D2429}"= C:\Program Files\Nexus_Radio\tbNexu.dll [2007-11-08 12:11 1502232]

    [HKEY_CLASSES_ROOT\clsid\{2462d2d8-b36e-44ab-84bf-c5a9383d2429}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-04 18:06 68856]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20 6803456]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-15 15:23 185896]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoTrayItemsDisplay"= 00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
    fsmgmt.dll 2008-02-10 02:44 45056 C:\WINDOWS\system32\fsmgmt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    --a------ 2006-04-13 11:09 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2005-12-07 22:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Icq\\ICQLite\\ICQLite.exe"=
    "C:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "C:\\WINDOWS\\System32\\autmgr32.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Real\\RealOne Player\\REALPLAY.EXE"=
    "C:\\TOTALCMD\\totalcmd.exe"=
    "C:\\Program Files\\ApexDC++\\ApexDC.exe"=
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
    "D:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\WINDOWS\\System32\\rtcshare.exe"=
    "C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:56]
    S2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe []
    S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 11:42]
    S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-12-24 15:49]
    S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-12-24 15:49]
    S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-12-24 15:49]
    S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-12-24 15:49]
    S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-12-24 15:49]
    S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
    S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2006-12-24 15:49]
    S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2006-12-24 15:49]
    S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2006-12-24 15:49]
    S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2006-12-24 15:49]
    S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2006-12-24 15:49]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-25 21:47:02 C:\WINDOWS\Tasks\{1C82364A-8B8D-40B7-A7BC-F7E694BE0141}_PRIVATE-B55B9C7_Viktor Salonski.job"
    - C:\WINDOWS\system32\mobsync.exeT /Schedule=
    "2008-02-22 16:16:10 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2008-02-22 12:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-26 02:10:20
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-26 2:11:12
    ComboFix-quarantined-files.txt 2008-02-26 01:11:10
    ComboFix2.txt 2008-02-25 16:30:34
    .
    2008-02-21 18:57:29 --- E O F ---

  4. #14
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Any news on the Kaspersky scan yet?

  5. #15
    Member
    Join Date
    Aug 2007
    Posts
    41

    I will try to do that now.
