there is a virus but i can't dell.. it ( + Death Screen )


  • This topic is locked
2 replies to this topic

#1 KinG Of PiraTeS

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:55 PM

Posted 04 December 2010 - 05:45 PM

Salam alaykum

Hi to all members and technicians,

I think that I'm infected with a dangerous virus!! named (remote.admin.win32.netcat.jk), but I don't know how to delete it (o.O)

I have scanned my PC with

Kaspersky Internet Security 2011 + 2010 + Virus Removal Tool + McAfee VirusScan 2010 = no virus detected

But with Malwarebytes' Anti-Malware + SUPERAntiSpyware Professional = infected, and the virus was deleted

But the problem is the death screen; see this photo that I captured

Image: http://img337.imageshack.us/img337/3909/death4m.jpg

I have formatted my HDD with Hiren's and deleted all my personal files and folders

and this is my dump file created in C:\Windows\Minidump (in attachments): "You aren't permitted to upload this kind of file"

My ComboFix 10-12-03.03 Log



ComboFix 10-12-03.03 - KinG Of PiraTeS 04/12/2010 21:31:24.1.2 - x86 MINIMAL
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2040.1329 [GMT 1:00]
Launched from: c:\users\KinG Of PiraTeS\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\rrt_is.wav
c:\windows\system32\rrt_tn.wav
c:\windows\system32\rrt_tv.wav
c:\windows\system32\rrt_vf.wav

c:\windows\System32\xpsrchvw.exe . . . is infected!!

.
((((((((((((((((((((((((((((( Files created from 2010-11-04 to 2010-12-04 ))))))))))))))))))))))))))))))))))))
.

2010-12-04 20:34 . 2010-12-04 20:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-04 08:43 . 2010-12-04 08:43 -------- d-----w- C:\found.000
2010-12-04 05:56 . 2010-12-04 05:56 -------- d-----w- C:\$AVG
2010-12-03 20:24 . 2010-12-03 20:55 -------- d-----w- c:\program files\ESET
2010-12-03 20:11 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-03 20:11 . 2010-01-17 15:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-03 20:11 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-03 20:11 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-03 20:11 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-12-03 20:11 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-03 20:11 . 2010-03-14 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-03 20:11 . 2010-12-03 20:12 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-12-03 16:45 . 2009-12-19 09:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-12-03 16:45 . 2009-12-19 09:02 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-12-03 16:45 . 2009-12-19 09:02 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-12-03 16:45 . 2009-12-19 09:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-12-03 16:45 . 2009-12-19 09:02 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-12-03 16:45 . 2009-12-19 09:02 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-12-03 16:45 . 2009-12-19 09:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-12-03 16:45 . 2009-12-19 09:02 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-12-03 13:57 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-03 13:57 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-03 13:57 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-03 13:57 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-03 13:57 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-12-03 13:56 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-03 13:56 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-03 13:56 . 2010-12-03 13:56 -------- d-----w- c:\programdata\Alwil Software
2010-12-03 13:56 . 2010-12-03 13:56 -------- d-----w- c:\program files\Alwil Software
2010-12-03 11:15 . 2010-12-03 11:15 -------- d-----w- c:\programdata\Rising
2010-12-03 11:15 . 2010-12-03 11:14 96880 ------w- c:\windows\system32\KakaTool.dll
2010-12-03 11:15 . 2010-12-03 11:14 637592 ------w- c:\windows\system32\kmon.dll
2010-12-03 11:15 . 2010-12-03 11:14 15776 ------w- c:\windows\system32\kknative.exe
2010-12-03 11:15 . 2010-12-03 11:14 100976 ------w- c:\windows\system32\UrlFilter.dll
2010-12-03 11:15 . 2010-12-03 11:15 -------- d-----w- c:\program files\Rising
2010-12-03 10:39 . 2010-12-03 10:39 -------- d--h--w- c:\programdata\Common Files
2010-12-03 10:37 . 2010-12-04 20:29 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-03 10:37 . 2010-12-04 20:29 -------- d-----w- c:\programdata\AVG10
2010-12-03 10:36 . 2010-12-03 10:36 -------- d-----w- c:\program files\AVG
2010-12-03 09:03 . 2010-12-03 09:03 -------- d-----w- c:\program files\Notepad++
2010-12-03 08:57 . 2010-12-03 08:58 -------- d-----w- c:\program files\FlashFXP
2010-12-03 08:57 . 2010-12-03 08:57 -------- d-----w- c:\programdata\FlashFXP
2010-12-03 08:41 . 2010-12-03 08:41 -------- dc-h--w- c:\programdata\{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
2010-12-03 08:27 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63F19711-25B4-4086-A50F-9D1AA4059AA7}\mpengine.dll
2010-12-03 07:50 . 2010-12-03 08:22 -------- d-----w- c:\programdata\MFAData
2010-12-03 02:00 . 2010-12-03 02:00 -------- d-----w- c:\windows\CheckSur
2010-12-02 23:29 . 2010-12-02 23:29 -------- d-----w- c:\program files\Uniblue
2010-12-02 23:16 . 2010-12-02 23:16 169320 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
2010-12-02 22:59 . 2010-12-02 22:59 -------- d-----w- c:\program files\Debugging Tools for Windows
2010-12-02 22:54 . 2010-03-04 07:33 1619968 ----a-w- c:\program files\Windows Mail\msoe.dll
2010-12-02 22:54 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-02 17:35 . 2010-12-02 18:19 -------- d-----w- c:\windows\BDOSCAN8
2010-12-02 17:04 . 2010-12-02 18:36 -------- d-----w- c:\program files\Common Files\BitDefender
2010-12-02 17:03 . 2010-12-03 08:02 536910 ----a-w- c:\programdata\bdinstall.bin
2010-12-02 16:22 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-12-02 16:22 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-12-02 16:22 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-12-02 16:22 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-02 16:22 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-12-02 16:19 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-12-02 16:19 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-12-02 16:19 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-12-02 16:19 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-12-02 16:19 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-12-02 16:16 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-12-02 16:00 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-02 15:56 . 2010-12-02 15:56 -------- d-----w- c:\windows\system32\x64
2010-12-02 15:56 . 2009-09-23 18:30 1002008 ----a-w- c:\windows\system32\igxpun.exe
2010-12-02 15:49 . 2010-12-02 15:49 -------- d-----w- c:\program files\Microsoft.NET
2010-12-02 15:48 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-02 15:48 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-02 15:48 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-02 15:48 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-02 15:48 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-02 10:55 . 2010-12-02 10:55 -------- d-----w- c:\windows\Sun
2010-12-02 10:54 . 2010-12-02 10:54 -------- d-----w- c:\program files\Common Files\Java
2010-12-02 10:53 . 2010-12-02 10:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-02 10:52 . 2010-12-02 10:52 -------- d-----w- c:\program files\Java
2010-12-02 10:47 . 2010-10-23 12:27 16308000 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\AppCrash_svchost.exe_WinD_56f8709c8cb78f92c1cec9c878013cc51f1d67e_cab_0eb7877a\jre-6u22-windows-i586-s.exe
2010-12-02 06:40 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-12-02 06:40 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-12-02 06:40 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-12-02 06:40 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-12-02 06:40 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-12-02 06:40 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-12-02 06:15 . 2010-12-02 06:15 -------- d-----w- c:\windows\system32\Wat
2010-12-02 06:12 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-12-02 06:12 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-12-02 06:11 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-12-02 06:10 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-02 06:09 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-12-02 06:09 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-12-02 06:09 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-12-02 06:09 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-02 06:09 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-12-02 06:09 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-12-02 01:51 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-02 01:49 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-12-02 01:49 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-02 01:49 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-12-02 01:49 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-12-02 01:49 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-12-02 01:49 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-12-02 01:49 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-02 01:49 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-12-02 01:49 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-12-01 19:54 . 2010-12-01 19:54 -------- d-----w- c:\programdata\Malwarebytes
2010-12-01 19:54 . 2010-11-29 16:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 19:54 . 2010-12-01 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 19:54 . 2010-11-29 16:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 16:51 . 2010-11-16 11:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B6C3EF9-C1B4-42B2-A17F-B3928BFB3B68}\mpengine.dll
2010-12-01 16:51 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-01 15:48 . 2010-12-01 15:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-12-01 15:48 . 2010-12-04 08:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-01 08:19 . 2010-12-01 08:19 -------- d-----w- c:\program files\GRETECH
2010-12-01 06:27 . 2010-12-02 17:16 -------- d-----w- c:\programdata\Kaspersky Lab
2010-11-30 22:55 . 2010-12-04 20:29 -------- d-sh--w- c:\windows\Installer
2010-11-30 22:19 . 2010-11-30 22:19 -------- d-----w- c:\windows\system32\Macromed
2010-11-30 21:45 . 2010-11-30 21:45 -------- d-----w- c:\program files\Internet Download Manager
2010-11-30 21:04 . 2010-11-30 21:04 -------- d-----w- c:\program files\uTorrent
2010-11-30 18:29 . 2010-12-03 12:24 -------- d-----w- c:\windows\system32\wbem\Performance
2010-11-30 18:18 . 2010-11-30 18:25 -------- d-----w- c:\windows\Panther

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:31 . 2010-09-29 18:56 210272 ----a-w- c:\windows\system32\idmmbc.dll
2010-09-13 15:27 . 2010-09-13 15:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-07 02:49 . 2010-09-07 02:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-30 395128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-11-29 443728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"runeip"="c:\program files\Rising\AntiSpyware\rstray.exe" [2010-12-03 141936]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\kmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R1 aswSP;aswSP; [x]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-12 54112]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 137144]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-04 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-29 363344]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-19 21072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-29 20952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-02 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplemental scan -------
.
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\users\KinG Of PiraTeS\AppData\Roaming\Mozilla\Firefox\Profiles\xg81r9me.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\users\KinG Of PiraTeS\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\KinG Of PiraTeS\AppData\Roaming\IDM\idmmzcc3
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-AVG - c:\program files\AVG\AVG10\avgmfapx.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
End time: 2010-12-04 21:36:11
ComboFix-quarantined-files.txt 2010-12-04 20:36

Before-CF: 28 478 443 520 bytes free
After-CF: 28 716 728 320 bytes free

- - End Of File - - 2C985ABBE23425A9BB535D2F267A2C67

------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------

This is my GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-05 00:00:33
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2 ST3320620A rev.3.AAF
Running: gmer.exe; Driver: C:\Users\KINGOF~1\AppData\Local\Temp\kxliqkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x939C4780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x939C4830]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x939C48D0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x939C4970]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8DF77BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DF779D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DF77B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 828B69F8 4 Bytes [80, 47, 9C, 93] {ADD BYTE [EDI-0x64], 0x93}
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 828B6CC8 8 Bytes [30, 48, 9C, 93, D0, 48, 9C, ...] {XOR [EAX-0x64], CL; XCHG EBX, EAX; ROR BYTE [EAX-0x64], 0x1; XCHG EBX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 828B6D3C 4 Bytes [70, 49, 9C, 93] {JO 0x4b; PUSHF ; XCHG EBX, EAX}
PAGE ntkrnlpa.exe!ZwLoadDriver 829E8291 7 Bytes JMP 8DF77B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A4FFBF 5 Bytes JMP 8DF735D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82A69CF3 5 Bytes JMP 8DF75012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 82A77D63 7 Bytes JMP 8DF779D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82B21EAC 7 Bytes JMP 8DF77BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B1035000 249 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 508A B10350FA 40 Bytes [B1, 53, 8B, D0, 8B, D9, F0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B1035123 7 Bytes [05, 03, B1, FE, 05, 34, 05] {ADD EAX, 0x5feb103; XOR AL, 0x5}
PAGE spsys.sys!?SPRevision@@3PADA + 50BB B103512B 621 Bytes [B1, EB, 18, 83, C9, FF, F0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B1035399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE ...
.text autochk.exe 007111D1 7 Bytes [0E, 80, FE, 5D, C0, 5D, C0]
.text autochk.exe 007111DC 4 Bytes [78, 8F, 22, 86]
.text autochk.exe 007111E6 1 Byte [C0]
.text autochk.exe 007111F4 4 Bytes [D0, 11, 80, FE]
.text autochk.exe 00711200 1 Byte [03]
.text ...
.text ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[240] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[316] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\System32\igfxtray.exe[320] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\System32\hkcmd.exe[336] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text ...
.text C:\Windows\System32\svchost.exe[924] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\svchost.exe[948] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[948] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Rising\AntiSpyware\RSTray.exe[988] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Rising\AntiSpyware\RSTray.exe[988] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\svchost.exe[1108] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1108] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\svchost.exe[1208] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1208] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1276] kernel32.dll!SetUnhandledExceptionFilter 76793162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1276] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1276] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1292] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1292] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\uTorrent\uTorrent.exe[1440] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\uTorrent\uTorrent.exe[1440] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1448] kernel32.dll!SetUnhandledExceptionFilter 76793162 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1448] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1448] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1496] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1496] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\Dwm.exe[1552] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\Dwm.exe[1552] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\Explorer.EXE[1576] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\Explorer.EXE[1576] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Internet Download Manager\IDMan.exe[1856] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Internet Download Manager\IDMan.exe[1856] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\System32\spoolsv.exe[1900] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\System32\spoolsv.exe[1900] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[1908] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Internet Download Manager\IEMonitor.exe[1908] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\svchost.exe[1936] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1936] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\taskhost.exe[2032] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\sppsvc.exe[2304] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Debugging Tools for Windows\windbg.exe[2528] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Debugging Tools for Windows\windbg.exe[2528] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2596] USER32.dll!TrackPopupMenu 771C4B3B 5 Bytes JMP 6E515CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2596] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2596] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2664] ntdll.dll!LdrLoadDll 772BF625 5 Bytes JMP 00E513F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2664] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2664] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2752] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2752] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Windows\system32\SearchIndexer.exe[3244] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\SearchIndexer.exe[3244] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] CRYPT32.dll!PFXVerifyPassword + 3C1C 755D4D68 1 Byte [E4]
.text C:\Users\KinG Of PiraTeS\Desktop\gmer.exe[3892] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[3964] ole32.dll!CoRegisterMessageFilter + 1C86 76C971C8 1 Byte [E9]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..trics-sensoradapder_31bf3856ad364e35_none_0b5337ff7b930980@ 6.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..trics-sensoradapder_31bf3856ad364e35_none_0b5337ff7b930980\6.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..trics-sensoradapder_31bf3856ad364e35_none_0b5337ff7b930980\6.1@6.1.7600.16385 0x01
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..trics-sensoradapder_31bf3856ad364e35_none_0b5337ff7b930980\6.1@ 6.1.7600.16385

---- EOF - GMER 1.0.15 ----



Thanks to all

Edited by KinG Of PiraTeS, 04 December 2010 - 06:05 PM.
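The two parts of these logs an analyst reads first are ComboFix's REGEDIT4 registry block and GMER's "System" section. The policies\system values show UAC turned off on this machine (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), AppInit_DLLs points at c:\windows\System32\kmon.dll (a file the file-creation section dates to the Rising AntiSpyware install on 2010-12-03), and every SSDT and inline hook GMER lists is attributed to the AVG and avast drivers the same ComboFix log shows installed. The Python script below is an added example, not part of the original post and not a ComboFix, GMER or BleepingComputer tool: it parses those two sections from excerpts of the logs above, flags the UAC values set to 0 and every AppInit_DLLs entry for review, and reduces each kernel hook to (module, vendor, function) so that any hook without a recognised vendor string stands out. The KNOWN_VENDORS allowlist and the unknown.sys hook line are assumptions added for the demonstration and do not come from the thread.

```python
"""Triage helper for ComboFix's REGEDIT4 registry block and GMER hook lines.
Added example for this thread, not a BleepingComputer, ComboFix or GMER tool.
Sample text is excerpted from the logs posted above; the 'unknown.sys' line
and the KNOWN_VENDORS allowlist are assumptions made for the demonstration."""
import re

# Excerpt of the ComboFix REGEDIT4 block posted above (sample input).
COMBOFIX_SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-30 395128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\kmon.dll
'''

# Excerpt of the GMER 'System' section posted above, plus one CONSTRUCTED line
# (unknown.sys, not in the thread) to exercise the unattributed-hook path.
GMER_SAMPLE = r'''SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x939C4780]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x939C4830]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DF77B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
SSDT \??\C:\Windows\system32\drivers\unknown.sys ZwCreateFile [0x8DF00000]
'''

# Vendors whose kernel hooks are expected because the ComboFix log shows their
# products installed (assumption: adjust for the host being examined).
KNOWN_VENDORS = ("AVG Technologies", "AVAST Software", "ESET")

# UAC policy values that, at 0, remove a protection Windows 7 enables by default.
UAC_WEAK = {
    "EnableLUA": "UAC is disabled",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not on the secure desktop",
}

def parse_regedit4(text):
    """Return {key_path: {value_name: raw_value}} from a REGEDIT4-style dump."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, value = line.partition("=")
            keys[current][name.strip('"')] = value.strip()
    return keys

def uac_findings(keys):
    """List UAC policy values that are set to 0 under policies\\system."""
    out = []
    for path, values in keys.items():
        if path.lower().endswith("\\policies\\system"):
            for name, why in UAC_WEAK.items():
                if name in values and values[name].split()[0] == "0":
                    out.append(f"{name}=0: {why}")
    return out

def appinit_dlls(keys):
    """DLLs in AppInit_DLLs; user32.dll loads each one into every process that
    loads user32, so each entry needs a known owner whatever its intent."""
    out = []
    for path, values in keys.items():
        if path.lower().endswith("\\windows nt\\currentversion\\windows"):
            out += [d for d in re.split(r"[ ,]+", values.get("AppInit_DLLs", "")) if d]
    return out

def gmer_hooks(text):
    """Parse GMER SSDT/Code lines into (module, vendor, hooked_function)."""
    hooks = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or parts[0] not in ("SSDT", "Code"):
            continue
        module = parts[1].rsplit("\\", 1)[-1].lower()
        rest = re.sub(r"\s*\[0x[0-9A-Fa-f]+\]\s*$", "", parts[2])  # drop address
        m = re.match(r"\((.*?)\)\s*(\w+)$", rest)  # "(description/vendor) Func"
        vendor = m.group(1).split("/")[-1].strip() if m else ""
        hooks.append((module, vendor, m.group(2) if m else rest.split()[-1]))
    return hooks

def unattributed_hooks(hooks, known=KNOWN_VENDORS):
    """Hooks whose module is not attributed to an expected vendor: analyse first."""
    return [h for h in hooks if not any(v in h[1] for v in known)]

if __name__ == "__main__":
    keys = parse_regedit4(COMBOFIX_SAMPLE)
    print("UAC:", uac_findings(keys))
    print("AppInit_DLLs:", appinit_dlls(keys))
    hooks = gmer_hooks(GMER_SAMPLE)
    print("hooks:", hooks)
    print("unattributed:", unattributed_hooks(hooks))
```

Run as-is it reports the three UAC values, the kmon.dll entry and, of the five hooks, only the constructed unknown.sys one; point parse_regedit4 and gmer_hooks at a full saved log to triage a real case. A vendor string is not proof a hook is benign and a missing one is not proof of a rootkit: the output only orders what to look at first.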



#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:55 PM

Posted 11 December 2010 - 07:27 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:10:55 PM

Posted 17 December 2010 - 08:40 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
