Please advise, I think there's something messing with my connectivity.




#11
1st Feb 2009, 08:18
Malware Group

Please advise, I think there's something messing with my connectivity.

Hi there

The file that concerns me most is this file -> G:\nhbivui.exe

As you can see, it is located on the G: drive. Try plugging your camera in and check to see if it is located there; if so, run Flash Disinfector on the drive, and if not, carry on with the rest of the fix.
__________________
Proud member of ASAP & UNITE
#12
5th Feb 2009, 05:57
Member Group

Please advise, I think there's something messing with my connectivity.

Hello,

sorry for not writing back sooner, but I have been busy at work. I remembered that I have a Multi Card Reader, and I guess it would work as a memory stick, right?

So I did what you told me until I got to the Combofix step. What is the Combofix? Where should I download it?

Thanks for your help once again.

Kathy
#13
5th Feb 2009, 06:56
Malware Group

Please advise, I think there's something messing with my connectivity.

Hi there

My mistake about combofix. I thought we had already downloaded the tool.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop ready for use but don't run it yet.
Instead do this...

Open notepad and copy/paste the text in the quotebox below into it:

Save this as CFScript.txt

Quote:
Filelook::
C:\WINDOWS\system32\GDS32.DLL
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49700028-1cf5-11dd-8f9e-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b2157e-ba11-11dd-818c-001e68e65d57}]
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log. Post this back in your next reply.
__________________
Proud member of ASAP & UNITE
#14
5th Feb 2009, 07:26
Member Group

Please advise, I think there's something messing with my connectivity.

Here is the Combofix Log:

ComboFix 09-02-04.04 - Administrator 2009-02-05 22:17:56.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.936.1.2052.18.1979.1278 [GMT 8:00]
执行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\桌面\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090205-0] *On-access scanning enabled* (Updated)
* 成功创造新还原点
.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\StormII
c:\program files\StormII\codec\aasc32.dll
c:\program files\StormII\codec\ac3filter.ax
c:\program files\StormII\codec\acelpdec.ax
c:\program files\StormII\codec\asusasv1.dll
c:\program files\StormII\codec\asusasv2.dll
c:\program files\StormII\codec\avidavicodec.dll
c:\program files\StormII\codec\AviSplitter.ax
c:\program files\StormII\codec\bass.dll
c:\program files\StormII\codec\bass_aac.dll
c:\program files\StormII\codec\bass_alac.dll
c:\program files\StormII\codec\bass_ape.dll
c:\program files\StormII\codec\bass_flac.dll
c:\program files\StormII\codec\bass_mpc.dll
c:\program files\StormII\codec\bass_tta.dll
c:\program files\StormII\codec\bass_wv.dll
c:\program files\StormII\codec\cddareader.ax
c:\program files\StormII\codec\cdxareader.ax
c:\program files\StormII\codec\ChpSrcFilter.ax
c:\program files\StormII\codec\clrviddd.dll
c:\program files\StormII\codec\CLVSD.ax
c:\program files\StormII\codec\coreavc.ax
c:\program files\StormII\codec\DCBassSource.ax
c:\program files\StormII\codec\divxdec.ax
c:\program files\StormII\codec\ff_kernelDeint.dll
c:\program files\StormII\codec\ff_liba52.dll
c:\program files\StormII\codec\ff_libdts.dll
c:\program files\StormII\codec\ff_libfaad2.dll
c:\program files\StormII\codec\ff_libmad.dll
c:\program files\StormII\codec\ff_realaac.dll
c:\program files\StormII\codec\ff_samplerate.dll
c:\program files\StormII\codec\ff_theora.dll
c:\program files\StormII\codec\ff_tremor.dll
c:\program files\StormII\codec\ff_unrar.dll
c:\program files\StormII\codec\ff_wmv9.dll
c:\program files\StormII\codec\ffdshow.ax
c:\program files\StormII\codec\ffdshow.ax.manifest
c:\program files\StormII\codec\FLT_ffdshow.dll
c:\program files\StormII\codec\FLVSplitter.ax
c:\program files\StormII\codec\frapsvid.dll
c:\program files\StormII\codec\iconv.dll
c:\program files\StormII\codec\keys.dat
c:\program files\StormII\codec\l3codecx.ax
c:\program files\StormII\codec\LCodcCMP.dll
c:\program files\StormII\codec\libavcodec.dll
c:\program files\StormII\codec\libmpeg2_ff.dll
c:\program files\StormII\codec\libmplayer.dll
c:\program files\StormII\codec\LMVRGBxf.dll
c:\program files\StormII\codec\LMVYUVxf.dll
c:\program files\StormII\codec\lsvxdec.dll
c:\program files\StormII\codec\mkunicode.dll
c:\program files\StormII\codec\mkx.dll
c:\program files\StormII\codec\mkzlib.dll
c:\program files\StormII\codec\mmamrdmx.ax
c:\program files\StormII\codec\mp3dmod.dll
c:\program files\StormII\codec\mp4.dll
c:\program files\StormII\codec\mp43dmod.dll
c:\program files\StormII\codec\mp4sdmod.dll
c:\program files\StormII\codec\MP4Splitter.ax
c:\program files\StormII\codec\MpaDecFilter.ax
c:\program files\StormII\codec\MpaSplitter.ax
c:\program files\StormII\codec\Mpeg2DecFilter.ax
c:\program files\StormII\codec\mpeg2dmx.ax
c:\program files\StormII\codec\MpegSplitter.ax
c:\program files\StormII\codec\mpg2splt.ax
c:\program files\StormII\codec\mpg4dmod.dll
c:\program files\StormII\codec\msvcr71.dll
c:\program files\StormII\codec\NDParser.ax
c:\program files\StormII\codec\Plugins\nppl3260.dll
c:\program files\StormII\codec\Plugins\nppl3260.xpt
c:\program files\StormII\codec\Plugins\nprpjplug.dll
c:\program files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt
c:\program files\StormII\codec\PmpSplt.ax
c:\program files\StormII\codec\pncrt.dll
c:\program files\StormII\codec\pndx5016.dll
c:\program files\StormII\codec\pndx5032.dll
c:\program files\StormII\codec\Real\Codecs\14_43260.dll
c:\program files\StormII\codec\Real\Codecs\28_83260.dll
c:\program files\StormII\codec\Real\Codecs\atrc.dll
c:\program files\StormII\codec\Real\Codecs\cook.dll
c:\program files\StormII\codec\Real\Codecs\ddnt3260.dll
c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
c:\program files\StormII\codec\Real\Codecs\drv1.dll
c:\program files\StormII\codec\Real\Codecs\drv2.dll
c:\program files\StormII\codec\Real\Codecs\drvc.dll
c:\program files\StormII\codec\Real\Codecs\hxltcolor.dll
c:\program files\StormII\codec\Real\Codecs\raac.dll
c:\program files\StormII\codec\Real\Codecs\ralf.dll
c:\program files\StormII\codec\Real\Codecs\rv10.dll
c:\program files\StormII\codec\Real\Codecs\rv20.dll
c:\program files\StormII\codec\Real\Codecs\rv30.dll
c:\program files\StormII\codec\Real\Codecs\rv40.dll
c:\program files\StormII\codec\Real\Codecs\sipr.dll
c:\program files\StormII\codec\Real\Common\objb3201.dll
c:\program files\StormII\codec\Real\Common\pnen3260.dll
c:\program files\StormII\codec\Real\Common\pngu3267.dll
c:\program files\StormII\codec\Real\Common\pnrs3260.dll
c:\program files\StormII\codec\Real\Common\rppr3260.dll
c:\program files\StormII\codec\Real\Plugins\audplin.dll
c:\program files\StormII\codec\Real\Plugins\authmgr.dll
c:\program files\StormII\codec\Real\Plugins\clbascauth.dll
c:\program files\StormII\codec\Real\Plugins\clntxres.dll
c:\program files\StormII\codec\Real\Plugins\ExtResources\coreres.xrs
c:\program files\StormII\codec\Real\Plugins\fpsechnd.dll
c:\program files\StormII\codec\Real\Plugins\httpfsys.dll
c:\program files\StormII\codec\Real\Plugins\hxsdp.dll
c:\program files\StormII\codec\Real\Plugins\hxxml.dll
c:\program files\StormII\codec\Real\Plugins\imgrender.dll
c:\program files\StormII\codec\Real\Plugins\memfsys.dll
c:\program files\StormII\codec\Real\Plugins\mp3fformat.dll
c:\program files\StormII\codec\Real\Plugins\mp3render.dll
c:\program files\StormII\codec\Real\Plugins\mp4arender.dll
c:\program files\StormII\codec\Real\Plugins\ntlmauth.dll
c:\program files\StormII\codec\Real\Plugins\oggfformat.dll
c:\program files\StormII\codec\Real\Plugins\pacplin.dll
c:\program files\StormII\codec\Real\Plugins\plusplin.dll
c:\program files\StormII\codec\Real\Plugins\pxcb3210.dll
c:\program files\StormII\codec\Real\Plugins\ramfformat.dll
c:\program files\StormII\codec\Real\Plugins\ramrender.dll
c:\program files\StormII\codec\Real\Plugins\rarender.dll
c:\program files\StormII\codec\Real\Plugins\rmfformat.dll
c:\program files\StormII\codec\Real\Plugins\rmxfpln.dll
c:\program files\StormII\codec\Real\Plugins\rmxrend.dll
c:\program files\StormII\codec\Real\Plugins\rn5auth.dll
c:\program files\StormII\codec\Real\Plugins\rtfformat.dll
c:\program files\StormII\codec\Real\Plugins\rtrender.dll
c:\program files\StormII\codec\Real\Plugins\rvrender.dll
c:\program files\StormII\codec\Real\Plugins\sdpplin.dll
c:\program files\StormII\codec\Real\Plugins\security.dll
c:\program files\StormII\codec\Real\Plugins\smlfformat.dll
c:\program files\StormII\codec\Real\Plugins\smlrender.dll
c:\program files\StormII\codec\Real\Plugins\smmrender.dll
c:\program files\StormII\codec\Real\Plugins\smplfsys.dll
c:\program files\StormII\codec\Real\Plugins\stubdrm.dll
c:\program files\StormII\codec\Real\Plugins\tfilesys.dll
c:\program files\StormII\codec\Real\Plugins\vidplin.dll
c:\program files\StormII\codec\Real\Plugins\vidsite.dll
c:\program files\StormII\codec\Real\Plugins\vorbisrend.dll
c:\program files\StormII\codec\Real\Plugins\vsrlocal.dll
c:\program files\StormII\codec\Real\rpplugins\cn\embed_cn.dll
c:\program files\StormII\codec\Real\rpplugins\cn\rpclsvc_cn.dll
c:\program files\StormII\codec\Real\rpplugins\embd3260.dll
c:\program files\StormII\codec\Real\rpplugins\rpcl3260.dll
c:\program files\StormII\codec\Real\rpplugins\rput3260.dll
c:\program files\StormII\codec\rmoc3260.dll
c:\program files\StormII\codec\RMSplt.ax
c:\program files\StormII\codec\Sc726dec.ax
c:\program files\StormII\codec\scsource.ax
c:\program files\StormII\codec\splitter.ax
c:\program files\StormII\codec\TomsMoComp_ff.dll
c:\program files\StormII\codec\ts.dll
c:\program files\StormII\codec\tsccvid.dll
c:\program files\StormII\codec\vmnc.dll
c:\program files\StormII\codec\wmsdmod.dll
c:\program files\StormII\codec\xvid.ax
c:\program files\StormII\codec\xvidcore.dll
c:\program files\StormII\current.ecs
c:\program files\StormII\jscript.dll
c:\program files\StormII\keys.dat
c:\program files\StormII\media\def\def.flv
c:\program files\StormII\media\def\def.ini
c:\program files\StormII\media\empty.swf
c:\program files\StormII\media\media4in1.swf
c:\program files\StormII\media\mediabp.swf
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\others.xml.ini
c:\program files\StormII\media\toff.ini
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_material_list.xml.ini
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\media\video_style_list.xml.ini
c:\program files\StormII\Media2.dll
c:\program files\StormII\mee.db
c:\program files\StormII\mps.dll
c:\program files\StormII\msscript.ocx
c:\program files\StormII\msvcp60.dll
c:\program files\StormII\rndrmgr.dll
c:\program files\StormII\score.dll
c:\program files\StormII\sexpert.dll
c:\program files\StormII\Skin\暴风经典.zip
c:\program files\StormII\Skin\枫叶片片.zip
c:\program files\StormII\Skin\苹果风格.zip
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\sprobe.dll
c:\program files\StormII\Storm.exe
c:\program files\StormII\stormliv.exe
c:\program files\StormII\stormply.exe
c:\program files\StormII\StormRes.dll
c:\program files\StormII\subdecoder.dll
c:\program files\StormII\uninst.exe
c:\windows\RSBDBACKUP.DLL
c:\windows\system32\1.txt
d:\my documents\Favorites\链接

.
((((((((((((((((((((((((( 2009-01-05 至 2009-02-05 的新的档案 )))))))))))))))))))))))))))))))
.

2009-02-02 14:43 . 2009-02-02 14:43 2,688 --a------ c:\windows\system32\settings.aaw
2009-02-02 14:43 . 2009-02-02 14:43 960 --a------ c:\windows\system32\history.aaw
2009-02-01 18:34 . 2009-02-01 18:34 <DIR> d-------- c:\program files\CCleaner
2009-02-01 11:24 . 2009-02-01 11:24 <DIR> d-------- c:\windows\system32\Tencent
2009-01-31 23:16 . 2009-01-31 23:16 <DIR> d-------- C:\rsit
2009-01-31 08:17 . 2009-01-31 08:17 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 08:17 . 2009-01-31 08:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-31 08:17 . 2009-01-31 08:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-31 08:17 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 08:17 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-31 08:05 . 2009-01-31 08:05 <DIR> d-------- c:\program files\Common Files\Thunder Network
2009-01-30 22:51 . 2009-01-30 22:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 22:37 . 2009-01-30 22:37 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 15:45 . 2009-01-21 15:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\IsolatedStorage
2009-01-21 15:43 . 2009-01-21 15:43 233,992 --a------ c:\windows\system32\iNterpret_nat.dll
2009-01-21 15:41 . 2009-01-21 15:41 <DIR> d-------- c:\program files\MSBuild
2009-01-21 15:39 . 2009-01-21 15:39 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-21 15:39 . 2009-01-21 15:39 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-21 15:38 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-20 12:25 . 2009-01-20 12:25 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 12:24 . 2009-01-20 12:24 <DIR> d-------- c:\program files\Apple Software Update
2009-01-20 12:24 . 2009-01-20 12:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-18 08:32 . 2009-01-18 08:32 <DIR> d-------- c:\windows\Intuit
2009-01-09 10:09 . 2009-01-09 10:09 <DIR> d-------- c:\program files\Google
2009-01-09 10:09 . 2009-01-09 10:09 <DIR> d-------- c:\program files\Common Files\supportsoft
2009-01-09 10:09 . 2007-07-30 14:44 3,518,464 --a------ c:\windows\system32\cdintf300.dll
2009-01-09 10:09 . 2007-06-28 14:09 1,843,200 --a------ c:\windows\system32\acXMLParser.dll
2009-01-09 10:07 . 2009-01-09 10:07 <DIR> d-------- c:\program files\Intuit
2009-01-09 10:07 . 2009-01-09 10:07 <DIR> d-------- c:\program files\Common Files\Intuit
2009-01-09 10:07 . 2009-01-09 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\SQL Anywhere 10
2009-01-09 10:07 . 2009-01-09 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Intuit
2009-01-09 10:07 . 2009-01-09 10:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\COMMON FILES
2009-01-09 10:07 . 2009-01-18 08:30 91 --a------ c:\windows\QBChanUtil_Trigger.ini
2009-01-09 10:06 . 2009-01-09 10:07 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-09 10:06 . 2009-01-09 10:06 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-09 09:20 . 2009-01-09 09:20 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Download Manager
2009-01-09 09:18 . 2009-01-09 09:18 <DIR> d-------- c:\program files\Akamai
2009-01-07 21:00 . 2009-01-07 21:00 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-06 21:52 . 2009-01-06 21:52 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-01-06 20:29 . 2009-01-06 20:29 <DIR> d-------- c:\program files\Common Files\Borland Shared
2009-01-06 20:29 . 2009-01-06 20:29 <DIR> d-------- C:\DBA Help
2009-01-06 20:28 . 2009-01-06 20:28 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-01-06 20:28 . 2009-01-06 20:28 <DIR> d-------- c:\program files\DBA Manufacturing
2009-01-06 20:28 . 2004-07-14 01:05 356,431 --a------ c:\windows\system32\GDS32.DLL
2009-01-06 20:27 . 2009-01-06 20:27 <DIR> d-------- c:\program files\Firebird

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 11:43 --------- d-----w c:\program files\Alwil Software
2008-12-20 00:15 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-20 00:14 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-20 00:13 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-20 00:13 --------- d-----w c:\program files\Microsoft
2008-12-19 03:10 --------- d-----w c:\program files\MSECache
2008-12-14 01:15 --------- d-----w c:\documents and settings\Administrator\Application Data\CANON INC
2008-12-14 01:15 --------- d-----w c:\documents and settings\Administrator\Application Data\CameraWindowDC
2008-12-12 17:01 3,088,896 ---ha-r c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ---ha-r c:\windows\system32\dllcache\srv.sys
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 00:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-12-10 00:32 --------- d-----w c:\program files\Skype
2008-12-10 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-04 14:55 307,560 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 14:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-25 07:45 96,880 ----a-w c:\windows\system32\kakatool.dll
2008-11-25 07:44 100,976 ----a-w c:\windows\system32\UrlFilter.dll
2008-11-25 07:43 15,776 ----a-w c:\windows\system32\kknative.exe
2008-11-24 10:19 319,488 ----a-w c:\windows\HideWin.exe
2008-11-09 21:43 410,984 ----a-w c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\GDS32.DLL -- Not a PE file.
MD5: 90d8960de977e988caaa3c02800a1c52


------- Sigcheck -------

2008-02-11 04:29 493056 cda24020f9bd5e4f5d6f199b7eab8fd3 c:\windows\system32\winlogon.exe
2008-02-11 04:29 493056 cda24020f9bd5e4f5d6f199b7eab8fd3 c:\windows\system32\dllcache\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-05 24359720]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-04-30 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-04-30 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"QuickTime Task"="c:\program files\Pure Codec\QTTask.exe" [2008-09-06 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\Administrator\「开始」菜单\程序\启动\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Loqu8 iCE v5.1.appref-ms [2009-01-21 290]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ieprot.dll,kmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2008-05-15 4928]
R0 AFAMgt;AFAMgt;c:\windows\system32\drivers\afamgt.sys [2008-05-15 91707]
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-05-15 119808]
R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [2008-05-15 29696]
R0 amdeide;AMD EIDE 驱动程衼E;c:\windows\system32\drivers\AmdEide.sys [2008-05-15 41216]
R0 ASH1205;SiI-3112 SATALink Controller;c:\windows\system32\drivers\ASH1205.sys [2008-05-15 47320]
R0 ata1200a;ata1200a;c:\windows\system32\drivers\ata1200a.sys [2008-05-15 44998]
R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-05-15 6016]
R0 Cpq32fs2;Cpq32fs2;c:\windows\system32\drivers\CPQ32FS2.SYS [2008-05-15 64496]
R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [2008-05-15 7680]
R0 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys [2008-05-15 160256]
R0 HpCISSm2;HpCISSm2;c:\windows\system32\drivers\hpcissm2.sys [2006-05-28 23040]
R0 iaStor55;Intel RAID Controller;c:\windows\system32\drivers\iaStor55.sys [2008-05-15 874240]
R0 iaStor70;Intel RAID Controller;c:\windows\system32\drivers\iaStor70.sys [2008-05-15 277784]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-05-15 91520]
R0 mvSata;mvSata;c:\windows\system32\drivers\mvsata.sys [2008-05-15 43520]
R0 ql2200;ql2200;c:\windows\system32\drivers\ql2200.sys [2006-08-31 379958]
R0 sisraidx;sisraidx;c:\windows\system32\drivers\sisraidx.sys [2008-05-15 47616]
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [2008-05-15 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [2008-05-15 52224]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2008-05-15 17920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-23 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-23 20560]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2008-04-14 14336]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]
S0 hptmv6;hptmv6;c:\windows\system32\drivers\hptmv6.sys [2008-05-15 93696]
S0 rr172x;rr172x;c:\windows\system32\drivers\rr172x.sys [2008-05-15 83200]
S0 rr174x;rr174x;c:\windows\system32\drivers\rr174x.sys [2008-05-15 99968]
S0 rr2340;rr2340;c:\windows\system32\drivers\rr2340.sys [2008-05-15 101888]
S2 3wareSrv;3ware Controller Service;c:\windows\system32\3waresrv.exe [2008-05-15 45056]
S2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice --> c:\program files\StormII\stormliv.exe [?]
S2 gupdate1c981dd96022bd0;Google Update Service (gupdate1c981dd96022bd0);c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 133104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49700028-1cf5-11dd-8f9e-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b2157e-ba11-11dd-818c-001e68e65d57}]
\Shell\AutoRun\command - G:\nhbivui.exe
\Shell\explore\Command - G:\nhbivui.exe
\Shell\open\Command - G:\nhbivui.exe
.
‘计划任务’ 文件夹 里的内容

2008-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-484763869-1801674531-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-12 18:09]

2009-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-29 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-29 14:48]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{32CD708B-60A7-4C00-9377-D73EAA495F0F} - c:\windows\system32\RavExt.dll


.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.2345.com/lb.htm?223
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} - hxxp://imgcache.qq.com/qzone/client/photo/pages/QQPhotoDrawEx.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7c2whc6a.default\
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7c2whc6a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7c2whc6a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\Pure Codec\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Pure Codec\Real\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 22:21:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"

[HKEY_LOCAL_MACHINE\software\TENCENT\Q*Q*{^骮\SYS]
"PathRoot"="d:\\My Documents\\My Pictures\\2009_01_27"
"AddWaterPress"=dword:00000000
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\netprovcredman.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Firebird\Firebird_1_5\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Firebird\Firebird_1_5\bin\fbserver.exe
.
**************************************************************************
.
完成时间: 2009-02-05 22:22:51 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-02-05 14:22:50

Pre-Run: 16 个目录 21,802,876,928 可用字节
Post-Run: 16 个目录 21,828,796,416 可用字节

WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\grldr="一键备份还原"

471 --- E O F --- 2009-01-15 19:01:42
#15
5th Feb 2009, 16:43
Malware Group

Please advise, I think there's something messing with my connectivity.

Hi there

I'm not seeing anything that would mess with connectivity, which was your main reason for posting. What problems were you having with it?

Go to start menu - Select Run and in the command box type in notepad
Next - copy/paste the text in the code box below into it:

Quote:
Skipfix::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49700028-1cf5-11dd-8f9e-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b2157e-ba11-11dd-818c-001e68e65d57}]
- Save this to your desktop as CFScript.txt
- Drag the CFScript.txt over onto Combofix.exe and release.



Combofix will then execute the script and produce a fresh log. Post this back in your next reply.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post back with the results from both logs
__________________
Proud member of ASAP & UNITE
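The MountPoints2 entries ComboFix printed in the log above, and the `Registry::` lines the helper used to remove them in posts #13 and #15, have a fixed shape, so the check the helper did by eye can be done mechanically. The Python script below is an added example for this thread; it is not code from the thread, from ComboFix or from the forum's helpers. It parses a constructed sample built from the two keys shown in the log, flags a mount point when its handler launches from a drive other than the system drive or when the `explore`/`open` verbs have been redirected (the pattern seen on the G: key, where the drive's own shell entries all point at a file on the stick), and prints a `Registry::` block in the syntax the helper used. Assumptions: the system drive is C: (`SYSTEM_DRIVE`), ComboFix's line layout is as in the log, and the names `parse_mountpoints`, `assess`, `build_cfscript`, `MountPoint` and `Finding` are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the MountPoints2 section in the shape ComboFix printed it in the
# log above (key header line, then "\Shell\<verb>\command - <target>" lines).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49700028-1cf5-11dd-8f9e-806d6172696f}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0b2157e-ba11-11dd-818c-001e68e65d57}]
\Shell\AutoRun\command - G:\nhbivui.exe
\Shell\explore\Command - G:\nhbivui.exe
\Shell\open\Command - G:\nhbivui.exe
"""

SYSTEM_DRIVE = "C:"   # assumption: Windows lives on C:, as in the log above

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*?\\mountpoints2\\(\{[0-9a-f-]{36}\}))\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)


@dataclass
class MountPoint:
    key: str                                   # registry key exactly as ComboFix printed it
    guid: str
    commands: Dict[str, str] = field(default_factory=dict)   # shell verb -> target


@dataclass
class Finding:
    guid: str
    severity: str
    reason: str
    cfscript_line: str                         # "[-KEY]" line in ComboFix Registry:: syntax


def parse_mountpoints(log_text: str) -> List[MountPoint]:
    """Collect every MountPoints2 key and the shell verbs recorded under it."""
    points: List[MountPoint] = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(key=key.group(1), guid=key.group(2))
            points.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current.commands[verb.group(1).lower()] = verb.group(2)
        elif not line:
            current = None                     # a blank line closes the key block
    return points


def drive_of(target: str) -> str:
    """'G:\\nhbivui.exe' -> 'G:'; empty string if the target has no drive letter."""
    return target[:2].upper() if len(target) > 1 and target[1] == ":" else ""


def assess(points: List[MountPoint]) -> List[Finding]:
    """Flag mount points whose handlers launch from another drive or hijack open/explore."""
    findings: List[Finding] = []
    for mp in points:
        reasons = []
        hijacked = sorted(v for v in mp.commands if v in ("open", "explore"))
        if hijacked:
            reasons.append("Explorer verbs %s redirected to %s"
                           % ("/".join(hijacked), mp.commands[hijacked[0]]))
        foreign = sorted({drive_of(t) for t in mp.commands.values()
                          if drive_of(t) and drive_of(t) != SYSTEM_DRIVE})
        if foreign:
            reasons.append("handler runs from non-system drive %s" % ", ".join(foreign))
        if not reasons:
            continue
        findings.append(Finding(guid=mp.guid,
                                severity="high" if hijacked else "medium",
                                reason="; ".join(reasons),
                                cfscript_line="[-%s]" % mp.key))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Emit the Registry:: block in the form the helper used in this thread."""
    return "Registry::\n" + "".join(f.cfscript_line + "\n" for f in findings)


if __name__ == "__main__":
    found = assess(parse_mountpoints(SAMPLE_LOG))
    for f in found:
        print("%-6s %s  %s" % (f.severity, f.guid, f.reason))
    print(build_cfscript(found))
```

Deleting the key only clears the cached handler; the file it points at (here G:\nhbivui.exe) is still on the removable drive, which is why the helper has the drive cleaned separately. A generated script is a starting point for review, not something to drop onto ComboFix unread.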