
Don't know what it is


  • This topic is locked
2 replies to this topic

#1 malec

malec

  • Members
  • 1 posts

Posted 28 December 2009 - 06:12 PM

I scanned my computer with Avira Premium and it found 27 viruses.
Then I defragged my disks with PerfectDisk, but it didn't help, so I decided to scan it with ComboFix. The log is here:
ComboFix 09-12-27.04 - SATAN 2009-12-28 22:37:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.702 [GMT 1:00]
Uruchomiony z: c:\downloads\programy\progz\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini
c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\SATAN\Ustawienia lokalne\Temporary Internet Files\udRemove.exe
c:\recycler\S-1-5-21-1454471165-842925246-725345543-1003
c:\recycler\S-1-5-21-682003330-507921405-2146912999-1003

----- BITS: Możliwe zainfekowane strony -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Pliki utworzone od 2009-11-28 do 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-28 21:28 . 2009-12-28 21:28 396288 ----a-w- c:\windows\system32\CF13442.exe
2009-12-28 21:21 . 2009-12-28 21:21 -------- d-----w- C:\modele
2009-12-28 11:05 . 2009-12-28 11:05 -------- d-----w- c:\windows\nview
2009-12-28 11:05 . 2008-05-16 13:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-28 11:05 . 2008-05-16 10:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-28 11:04 . 2008-05-16 13:01 6557408 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2009-12-28 11:04 . 2008-05-16 13:01 6557408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-12-28 11:04 . 2008-05-16 13:01 6108928 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2009-12-28 11:04 . 2008-05-16 13:01 6108928 ----a-w- c:\windows\system32\nv4_disp.dll
2009-12-27 01:21 . 2003-08-08 14:33 188928 ----a-w- c:\documents and settings\SATAN\Dane aplikacji\Gadu-Gadu\backup\MoRiEnTeS\GaduReader.exe
2009-12-26 18:53 . 2009-12-26 18:53 -------- d-----w- c:\documents and settings\SATAN\Dane aplikacji\Avira
2009-12-26 17:03 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-26 17:03 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-26 17:03 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-26 17:03 . 2009-12-26 17:03 -------- d-----w- c:\program files\Avira
2009-12-26 15:49 . 2009-12-26 15:49 -------- d-----w- c:\program files\MySecretFolder
2009-12-26 00:43 . 2009-12-26 17:03 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Avira

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 21:30 . 2008-06-10 20:22 -------- d-----w- c:\program files\FlashGet
2009-12-28 18:54 . 2009-01-07 23:39 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-28 15:31 . 2009-10-12 14:30 -------- d-----w- c:\program files\Unlocker
2009-12-28 13:47 . 2009-01-24 20:58 -------- d-----w- c:\documents and settings\SATAN\Dane aplikacji\Hamachi
2009-12-28 09:09 . 2008-12-31 09:44 -------- d-----w- c:\program files\SpeedFan
2009-12-27 12:38 . 2008-12-04 09:22 -------- d-----w- c:\documents and settings\SATAN\Dane aplikacji\GanymedeNet
2009-12-26 19:05 . 2009-10-09 21:51 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 18:59 . 2008-11-24 20:30 -------- d-----w- c:\program files\LimeWire
2009-12-24 17:24 . 2008-12-09 16:44 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP
2009-12-23 02:21 . 2006-10-09 17:04 -------- d-----w- c:\program files\Gadu-Gadu
2009-12-22 10:37 . 2009-04-12 18:04 -------- d-----w- c:\documents and settings\SATAN\Dane aplikacji\Skype
2009-12-09 18:38 . 2009-02-02 15:55 -------- d-----w- c:\documents and settings\SATAN\Dane aplikacji\AIMP
2009-11-30 16:16 . 2009-05-13 19:43 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-23 23:13 . 2009-11-23 23:13 7168 ----a-w- c:\documents and settings\SATAN\Dane aplikacji\Thinstall\VideoMach 5.0.5\40000064f00002i\mplayerc.exe
2009-11-23 22:37 . 2009-11-23 22:42 187772 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1045.dat
2009-11-20 00:00 . 2008-12-22 14:03 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-11-17 10:39 . 2008-12-12 14:30 -------- d-----w- c:\program files\Ganymede
2009-11-15 18:08 . 2009-11-15 18:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NVIDIA Corporation
2009-11-13 15:12 . 2009-11-13 15:09 -------- d-----w- c:\documents and settings\SATAN\Dane aplikacji\Ventrilo
2009-11-07 09:28 . 2009-02-01 16:02 -------- d-----w- c:\program files\RocketDock
2009-10-25 08:33 . 2001-10-26 16:15 88816 ----a-w- c:\windows\system32\perfc015.dat
2009-10-25 08:33 . 2001-10-26 16:15 499510 ----a-w- c:\windows\system32\perfh015.dat
2009-10-23 21:51 . 2009-10-23 21:51 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2009-10-07 09:05 . 2009-10-07 09:05 232712 ----a-w- c:\windows\system32\PDBoot.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-05-10 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvIcon"="c:\program files\KM-Software\Theme XPack\apps\Vista Drive Icon\DrvIcon.exe" [2008-07-07 45056]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2009-03-24 89928]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\
Hyperdesk_uninst0.lnk - c:\documents and settings\All Users.WINDOWS\Dane aplikacji\The Skins Factory\Hyperdesk\HyperdeskEngine.exe [2008-12-4 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-02-02 04:23 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^SATAN^Menu Start^Programy^Autostart^Reboot.exe]
path=c:\documents and settings\SATAN\Menu Start\Programy\Autostart\Reboot.exe
backup=c:\windows\pss\Reboot.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wru

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 21:51 15360 -c----w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 -c--a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
2007-09-25 08:10 2007088 ----a-w- c:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2007-05-10 14:36 2111176 ----a-w- c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2008-08-25 10:36 1168264 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 21:51 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
2009-05-28 09:23 10486376 ----a-w- c:\program files\Nowe Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 13:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 13:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 13:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
2002-07-12 10:15 106496 -c--a-w- c:\windows\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-27 15:01 24103720 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-10 04:43 136600 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Downloads\\CS\\hlds.exe"=
"c:\\Downloads\\CS\\hl.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Downloads\\CS\\hltv.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Downloads\\Nowy folder (4)\\q2\\r1q2_multi_2\\r1q2.exe"=
"c:\\Downloads\\Nowy folder (4)\\q2\\r1q2_multi_2\\quake2.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Downloads\\Nowy folder (4)\\Prawie jak Gry\\T-36F\\FlashFXP v3.6.0.1240\\FlashFXP v3.6.0.1240.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10881:TCP"= 10881:TCP:10881
"10884:TCP"= 10884:TCP:10884
"12880:TCP"= 12880:TCP:12880
"12881:TCP"= 12881:TCP:12881

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2009-12-26 194817]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-26 108289]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [2009-12-26 434945]
R2 MSF32;MSF32;c:\program files\MySecretFolder\MSF32.SYS [2009-12-26 43856]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-11-24 717296]
S3 cpuz130;cpuz130;\??\c:\docume~1\SATAN\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\SATAN\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 npkycryp;npkycryp;\??\c:\program files\Lineage II\system\npkycryp.sys --> c:\program files\Lineage II\system\npkycryp.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-29 356920]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: &Ściągnij przy pomocy FlashGet'a - c:\program files\FlashGet\jc_link.htm
IE: &Ściągnij wszystko przy pomocy FlashGet'a - c:\program files\FlashGet\jc_all.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {C3A0777C-4B7E-4B48-86A4-2FDE7E90BE5E} = 80.54.184.10 194.204.159.1
FF - ProfilePath - c:\documents and settings\SATAN\Dane aplikacji\Mozilla\Firefox\Profiles\cka43wwj.default\
FF - prefs.js: browser.search.selectedEngine - GooglePL
FF - prefs.js: browser.startup.homepage - hxxp://www.organizujemy.pl/
FF - plugin: c:\documents and settings\All Users.WINDOWS\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\SATAN\Dane aplikacji\Mozilla\Firefox\Profiles\cka43wwj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\SATAN\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\documents and settings\SATAN\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\SATAN\Dane aplikacji\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPBILLARD8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPROULETTE.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npganymedenet.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: browser.startup.homepage - hxxp://www.organizujemy.pl/

FF - user.js: browser.search.selectedEngine - GooglePL.
- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CmiRemoveDir - c:\windows\CMIRMR~1.EXE
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-Octoshape Streaming Services - c:\documents and settings\SATAN\Dane aplikacji\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-SiS7002 - c:\windows\UnSiSUSB.exe PCI\VEN_1039&DEV_7002



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 22:42
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(568)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Czas ukończenia: 2009-12-28 22:45:10
ComboFix-quarantined-files.txt 2009-12-28 21:44

Przed: 13020995584 bajtów wolnych
Po: 13114261504 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect 1 /usepmtimer /NoExecute=OptIn

- - End Of File - - E93091C5792A57E87D7EA2644E53BE2E

Edited by malec, 28 December 2009 - 06:45 PM.
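As an added example (not part of this thread, and not code from ComboFix or its author), here is a small Python triage helper for a ComboFix log like the one above: it pulls out the Run-key autoruns, the `R2`/`S3` service lines and the firewall AuthorizedApplications entries, then flags what a responder would read first: binaries in user-writable locations and services whose file ComboFix reports as missing (`--> path [?]`). The regexes and the flagging heuristic are my own assumptions about the log layout; the sample lines are copied from the log posted above.

```python
import re

# Heuristic (assumption): installed software rarely runs from these XP locations.
USER_WRITABLE = re.compile(
    r"\\(temp|temporary internet files|downloads|recycler)\\", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="?([^"\[]+?)"?\s*\[')      # "name"="path" [date size]
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);[^;]*;(.+?)\s*(\[[^\]]*\])$")  # R2 name;display;path [..]
FW_APP = re.compile(r'^"((?:[A-Za-z]:\\\\|%)[^"]+)"=$')       # "c:\\app.exe"= (doubled slashes)

def parse_combofix(text):
    """Pull Run-key autoruns, services and firewall exceptions out of a ComboFix log."""
    out = {"autoruns": [], "services": [], "firewall_apps": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # registry key the following values belong to
            continue
        m = SERVICE.match(line)
        if m:
            start, name, path, tail = m.groups()
            # ComboFix prints "--> path [?]" when the service's file no longer exists
            out["services"].append({"start": start, "name": name, "path": path, "missing": tail == "[?]"})
        elif section and section.lower().endswith("authorizedapplications\\list"):
            m = FW_APP.match(line)
            if m:
                out["firewall_apps"].append(m.group(1).replace("\\\\", "\\"))
        elif section and "currentversion\\run" in section.lower():
            m = RUN_VALUE.match(line)
            if m:
                out["autoruns"].append({"key": section, "name": m.group(1), "path": m.group(2)})
    return out

def flag_entries(parsed):
    """Return (kind, name, path) tuples for the entries a responder should inspect first."""
    flags = []
    for a in parsed["autoruns"]:
        if USER_WRITABLE.search(a["path"]):
            flags.append(("autorun", a["name"], a["path"]))
    for s in parsed["services"]:
        if s["missing"] or USER_WRITABLE.search(s["path"]):
            flags.append(("service", s["name"], s["path"]))
    for p in parsed["firewall_apps"]:
        if USER_WRITABLE.search(p):
            flags.append(("firewall", "AuthorizedApplications", p))
    return flags

# Sample input: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Downloads\\CS\\hlds.exe"=

R2 MSF32;MSF32;c:\program files\MySecretFolder\MSF32.SYS [2009-12-26 43856]
S3 cpuz130;cpuz130;\??\c:\docume~1\SATAN\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\SATAN\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
"""
```

Run `flag_entries(parse_combofix(SAMPLE_LOG))` against the sample: the missing `cpuz130` driver under `\Temp\` and the firewall exception for `c:\Downloads\CS\hlds.exe` are flagged, while the Avira, RocketDock and `%windir%` entries are not.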



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 January 2010 - 06:34 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic; if you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Untick the following boxes on the right side of the Gmer screen:
    • Sections
    • IAT/EAT
    • Files
    • Show All
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log
Thanks



#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 11 January 2010 - 09:21 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





