
Getting attacked by 7gafd33ja90a.com


This topic is locked
2 replies to this topic

#1 Arbo82


  • Members
  • 2 posts

Posted 12 November 2010 - 07:07 AM

Adding in content from another post. ~ OB

I'm getting attacked for some weeks by the above-mentioned URLs and some others almost every minute, and always when I confirm something with the Enter button I'm getting warned by Norton online security 2011 that someone has attempted to enter my PC.

Obvious problems: my PC seems to be slower than before; my IE 8.0/9.0 as well as Firefox (actually every browser) is slow, often hanging or freezing completely; sometimes I can't open the browser, and IE always opens about 6-8 pages (seen in start manager) even though I've opened only 2 or 3 pages.

Sometimes curious home pages are popping up in a new window.

Since the problem appeared for the first time, my PC (which is quite new) has crashed about 5 times with a blue screen, and a system recovery was necessary to get it working again.

My system is Win 7 64-bit. The browser when the problem appeared was IE 8, now IE 9, and for test purposes Firefox as well.

I have tried out Trojan Remover and Malwarebytes; they didn't find anything. Spybot found some cookies but didn't solve the problem.

Could you help me please?

End of added content. ~ OB

Does nobody have an idea?
Here are my DDS and GMER log files:





==== Installed Programs ======================


Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0 - Deutsch
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help English
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CH Control Manager
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - DE
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
DivX-Setup
Dortmund City
eMule
eReg
EVEREST Ultimate Edition v5.50
Express Gate
Feedback Tool
FliteStar
GNS400W-500W Trainer
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
ICQ7.2
Indeo® Software
Java™ 6 Update 15
JDownloader
JeppView / JeppView FliteDeck
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Corporation
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
Mozilla Firefox (3.6.11)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
Nero 8 Ultra Edition HD
neroxml
Norton Internet Security
OnlineControl 1.2
pc_met für Windows
PDF24 Creator 2.8.6
Platform
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SideWinder Force Feedback 2
Skype™ 4.2
SP2 - Ariane Boeing 737-900ER X2
SpeedFan (remove only)
Spybot - Search & Destroy
Trojan Remover 6.8.2
TuneUp Utilities
TuneUp Utilities Language Pack (de-DE)
TurboV EVO
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
VIA Plattform-Geräte-Manager
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual Basic for Applications ® Core - German
Vuze
webGAMET
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
WinZip 14.5

==== End Of File ===========================



DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Lindner at 12:49:51,88 on 12.11.2010
Internet Explorer: 9.0.7930.16406
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4094.2792 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\OnlineControl\ocontrol.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
E:\Downloads programme allgemein\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www-t-online.de/
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Program Files (x86)\OnlineControl\ocontrol.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

================= FIREFOX ===================

FF - ProfilePath - C:\Users\myname\AppData\Roaming\Mozilla\Firefox\Profiles\xhlkmjkk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www-t-online.de/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys [2010-11-5 450096]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys [2010-11-5 821808]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\System32\drivers\tdrpm258.sys [2010-7-21 1477728]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-4 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101111.001\IDSviA64.sys [2010-10-19 476720]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys [2010-11-5 168496]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-11-5 381488]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-7-21 2480048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-8-28 90112]
R2 cpuz134;cpuz134;C:\Windows\System32\drivers\cpuz134_x64.sys [2010-7-21 21480]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-7-17 319488]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-11-5 126904]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-7-6 1403200]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2010-7-21 251488]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-5-27 6856192]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-5-27 264192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-21 132656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-8-19 239616]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-2-24 11856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-7-14 1250816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-10 1153368]
S3 SaiH0C2D;SaiH0C2D;C:\Windows\System32\drivers\SaiH0C2D.sys [2007-7-2 176128]

=============== Created Last 30 ================

2010-11-10 12:54:10 -------- d-----w- C:\Users\myname\AppData\Local\Apps
2010-11-10 10:25:36 -------- d-----w- C:\Users\myname\Neuer Ordner
2010-11-10 09:53:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-10 09:53:24 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-05 12:41:28 821808 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys
2010-11-05 12:41:28 715824 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
2010-11-05 12:41:28 450096 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys
2010-11-05 12:41:28 40496 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
2010-11-05 12:41:28 381488 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
2010-11-05 12:41:28 168496 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys
2010-11-05 12:41:19 -------- d-----w- C:\Windows\System32\drivers\NISx64\1201000.025
2010-11-03 08:37:48 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-11-03 08:37:48 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-11-03 08:37:48 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-11-03 08:37:48 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-11-03 08:37:48 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-11-03 08:37:48 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-11-03 08:37:48 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-11-03 08:37:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-23 16:38:29 -------- d-----w- C:\Program Files (x86)\MSECache
2010-10-23 14:48:03 -------- d-----w- C:\Program Files (x86)\pdf24
2010-10-20 22:29:41 -------- d-----w- C:\Users\myname\AppData\Roaming\Tific
2010-10-20 22:29:40 -------- d-----w- C:\Users\myname\AppData\Local\Symantec
2010-10-19 17:33:37 -------- d-----w- C:\Users\myname\AppData\Local\Mozilla
2010-10-18 21:54:22 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-10-18 17:24:58 -------- d-----w- C:\PROGRA~3\SITEguard
2010-10-18 17:24:31 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2010-10-18 17:24:31 -------- d-----w- C:\PROGRA~3\STOPzilla!
2010-10-18 08:49:13 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2010-10-18 08:49:13 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2010-10-18 08:49:13 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2010-10-18 08:49:13 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2010-10-18 08:49:13 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2010-10-18 08:49:12 -------- d-----w- C:\Users\Lindner\AppData\Roaming\Simply Super Software
2010-10-18 08:49:12 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2010-10-18 08:49:12 -------- d-----w- C:\PROGRA~3\Simply Super Software
2010-10-17 22:17:18 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2010-10-17 22:17:16 -------- d-----w- C:\Windows\System32\wbem\en-US
2010-10-17 22:12:11 94208 ----a-w- C:\Program Files (x86)\Internet Explorer\de\iediag.resources.dll
2010-10-17 22:10:45 899072 ----a-w- C:\Windows\System32\d2d1.dll
2010-10-17 22:09:28 -------- d-----w- C:\Program Files (x86)\Feedback Tool
2010-10-17 16:01:25 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-17 16:01:25 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-10-17 16:01:01 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-17 16:01:01 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-17 16:01:00 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-17 16:01:00 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-17 16:01:00 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-17 16:01:00 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-17 16:01:00 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-17 16:01:00 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

==================== Find3M ====================

2010-11-05 12:42:04 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-09-26 10:59:40 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2010-09-21 13:07:42 737280 ----a-w- C:\Windows\iun6002.exe
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 22:46:36 1355264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2010-08-31 22:44:32 367104 ----a-w- C:\Windows\SysWow64\html.iec
2010-08-31 22:44:30 1448448 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-08-31 22:44:24 1122304 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-08-31 22:44:06 424960 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-08-31 22:43:22 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-08-31 22:43:12 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-08-31 22:43:12 114176 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-08-31 22:43:10 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2010-08-31 22:43:10 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2010-08-31 22:43:02 448512 ----a-w- C:\Windows\System32\html.iec
2010-08-31 22:41:56 601088 ----a-w- C:\Windows\System32\vbscript.dll
2010-08-31 22:40:56 76800 ----a-w- C:\Windows\System32\tdc.ocx
2010-08-31 22:40:40 215552 ----a-w- C:\Windows\System32\msls31.dll
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-29 11:07:46 176694 ----a-w- C:\Windows\Addictive Pitts Uninstaller.exe
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-16 06:50:45 1137664 ----a-w- C:\Windows\System32\FntCache.dll
2010-08-16 06:50:43 1543168 ----a-w- C:\Windows\System32\DWrite.dll
2010-08-16 06:50:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2010-08-16 06:50:42 1844224 ----a-w- C:\Windows\System32\d3d10warp.dll
2010-08-16 06:14:36 1076224 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-08-16 06:14:24 737280 ----a-w- C:\Windows\SysWow64\d2d1.dll
2010-08-16 06:14:24 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2010-08-16 06:14:24 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

============= FINISH: 12:50:35,45 ===============





GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-12 13:06:05
Windows 6.1.7600
Running: gmer.exe



---- Files - GMER 1.0.15 ----

File C:\Users\myname\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DFKKRF7K\hcti_status_ocontrol[1].htm 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 12 November 2010 - 03:02 PM.


#2 m0le

  • Malware Response Team
  • 34,527 posts

Posted 21 November 2010 - 12:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team
  • 34,527 posts

Posted 25 November 2010 - 07:10 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.