Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with trojans,backdoor etc


  • This topic is locked This topic is locked
2 replies to this topic

#1 wizardery

wizardery

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 24 May 2014 - 07:40 AM

 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 6.0.2900.5512
Run by Administrator at 20:35:35 on 2014-05-24
Microsoft Windows XP Professional  5.1.2600.3.950.886.1028.18.2046.627 [GMT 8:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Baidu\BaiduProtect\1.2.11.49\BaiduProtect.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\calendar\calendar.exe
C:\Program Files\smartool\stsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\B5TService\B5TService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\ruyiso\ruyisoapp\RYSUpdateSvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\uusee\UUSeeLUS.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\yxkuBox\YxkuService.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\dx\dxime\dximecikuUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\smartool\smartool.exe
C:\Documents and Settings\All Users\Application Data\gb12014415\GameBox.exe
C:\Program Files\calendar\calendar.exe
C:\Documents and Settings\All Users\Application Data\gbs2014418\GameBox.exe
C:\WINDOWS\10C8801E\svchsot.exe
C:\Program Files\Common Files\uusee\UUSeeMediaCenter.exe
C:\WINDOWS\05503D7D\svchsot.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\uCalendar\riliquicken.exe
C:\Documents and Settings\All Users\Application Data\gb12014415\GameBox.exe
C:\Documents and Settings\Administrator\Application Data\duowan\kkmini\bin\kkminimain.exe
C:\Documents and Settings\All Users\Application Data\gbs2014418\GameBox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\RaidCall_V8.1.0(1.0.12800.571)C:\Documents and Settings\Administrator\Local Settings\Application Data\ruyiso\ruyisoapp\RYSMHelper.exe
D:\RaidCall_V8.1.0(1.0.12800.571)D:\RaidCall_V8.1.0(1.0.12800.571)C:\XOX\PK3C:\XOX\LiveProfessor.exe
C:\Program Files\kuwo\kuwomusic\bin\kwmusic.exe
C:\Program Files\kuwo\kuwomusic\bin\iesandbox.exe
C:\Program Files\kuwo\kuwomusic\bin\KwService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\ruyiso\ruyisoapp\RYSNotify.exe
D:\Users\Administrator\C:\Green\VarieDrop\VarieDrop.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k lunarsvc
C:\WINDOWS\system32\svchost.exe -k NetAppsSrv
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.3600.com/?src=lm&ls=n153987e88f
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://tw.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.hao123.com/?tn=98853695_hao_pg
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: VideoUrlSniffer Class: {00000ADA-7E0D-47C1-986C-F017D09C4304} - c:\documents and settings\all users\application data\thunder network\xmp4\core\program\VideoUrlSniffer.2.2.0.131.(847).dll
BHO: 俁飪樊 apk 假蚾: {000DA090-57AA-424B-A8F0-621B7C08B8F4} - LocalServer32 - <no file>
BHO: 堆5杬-堆5鎗狟劃昜翑忒-銡擬孺桯: {260669B1-FC2C-41C0-BAA2-6EF3BB188660} - c:\documents and settings\administrator\local settings\application data\b5t\shoppingassistant\B5TShoppingAssistant.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: 瑞俴弝畦溫摯狟婥郪璃: {4ADBABBD-E1CA-4f11-BD01-73B0B6E4B5BA} - c:\documents and settings\administrator\funshion\funshiontools\FunshionHelper.dll
BHO: BrowserHelper: {4BF2CB0E-658A-442B-AC83-A64EC2150BFC} - c:\documents and settings\all users\application data\ppbrowserhelper\bho\TipsBHO.dll
BHO: 迅雷下載支援: {889D2FEB-5411-4565-8998-1DD2C5261283} - c:\green\thunder\bho\XunleiBHO7.2.13.3884.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sysinternals Desktops] d:\users\administrator\桌面\多開用44螢幕.exe
uRun: [AQIRadar] "c:\program files\weatherradar\3.0.0.3001\AQIRadar.exe" /autorun
uRun: [riliquicken] "c:\documents and settings\administrator\local settings\application data\ucalendar\riliquicken.exe" -run
uRun: [91gbquicken] "c:\program files\91gamebox\91GameBox.exe" -run
uRun: [DIANXIN_MOVIE] c:\program files\dianxinmovie\DxKankan.exe m=auto
uRun: [BaiduMEDIA] "c:\program files\baidu\baiduplayer\3.8.0.16\BaiduPlayer.exe" minimize
uRun: [BaiduMusic] "d:\users\administrator\桌面\BaiduMusic.exe" /iconic
uRun: [kkministart] "c:\documents and settings\administrator\application data\duowan\kkmini\bin\kkminimain.exe" /startfrom=auto
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [KwShow] "c:\program files\kwshow\KwShow.exe" /autorun
mRun: [kX Mixer] c:\program files\kx audio driver\3550\kxmixer.exe --startup
mRun: [KXGameBox] c:\program files\kxwebgamebox\LoginTool.exe  ShowMain
mRun: [YYMusic_20140308222446] "c:\program files\yymusic\20140308222446\YYMusic.exe" -mini
mRun: [YYMusic_News_20140308222446] "c:\program files\yymusic\20140308222446\YYJia.exe" -mini
mRun: [YYMusic2_20140318003003] "c:\program files\yymusic2\20140318003003\YYMusic.exe" -mini
mRun: [YYMusic2_News_20140318003003] "c:\program files\yymusic2\20140318003003\YYSpeed.exe" -mini
mRun: [Haokan8] c:\documents and settings\all users\application data\hk2014321\HKPlayer.exe /autorun
mRun: [smartray] "c:\program files\smartool\smartool.exe" -tray
mRun: [4177GB] c:\documents and settings\all users\application data\gb12014415\GameBox.exe /autorun
mRun: [wnltray] "c:\program files\calendar\calendar.exe" -tray
mRun: [21444GB] c:\documents and settings\all users\application data\gbs2014418\GameBox.exe /autorun
mRun: [10C8801E] c:\windows\10c8801e\svchsot.exe
mRun: [03F4357C] c:\windows\03f4357c\svchsot.exe
mRun: [UUSeeMediaCenter] "c:\program files\common files\uusee\UUSeeMediaCenter.exe"
mRun: [05503D7D] c:\windows\05503d7d\svchsot.exe
mRun: [kwmusic] "c:\program files\kuwo\kuwomusic\Kwmusic.exe" /autorun
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [yxkuBox] c:\program files\yxkubox\yxkuBox.exe /start
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoSMHelp = dword:1
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Foxy 下載 - c:\green\foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - c:\green\foxy\Foxy.exe/search.htm
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files\xmlbar\flv downloader\FLVDownloader(xmlbar).exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.1.1 139.175.252.16
TCP: Interfaces\{68B3221D-0D51-4CF7-8BCE-6AC3074F0575} : DHCPNameServer = 192.168.1.1 139.175.252.16
Handler: kuwo - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0C} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 bd0001;bd0001;c:\windows\system32\drivers\bd0001.sys [2014-4-16 70984]
R1 bd0004;bd0004;c:\windows\system32\drivers\bd0004.sys [2014-4-16 181576]
R1 BDMWrench;BDMWrench;c:\windows\system32\drivers\BDMWrench.sys [2014-4-18 61256]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2013/02/22 04:24:06];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 B5TService;B5TService;c:\program files\b5tservice\B5TService.exe [2014-4-3 155464]
R2 BDArKit;BDArKit;c:\windows\system32\drivers\BDArKit.sys [2014-4-16 83272]
R2 BDSGRTP;BDSGRTP Service;c:\program files\common files\baidu\baiduprotect\1.2.11.49\BaiduProtect.exe [2014-5-10 1187168]
R2 calendarWNL;calendar service;c:\program files\calendar\calendar.exe [2014-4-18 257432]
R2 lunarsvc;lunar calendar service;c:\windows\system32\svchost.exe -k lunarsvc [2008-4-15 14336]
R2 NetAppsSrv;NetAppsSrv;c:\windows\system32\svchost.exe -k NetAppsSrv [2008-4-15 14336]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 RYSUpdateSvc;RYSUpdateSvc;c:\documents and settings\administrator\local settings\application data\ruyiso\ruyisoapp\RYSUpdateSvc.exe [2014-5-8 151160]
R2 Smartool_Service;smartool service;c:\program files\smartool\stsvc.exe [2014-3-27 48688]
R2 TeamViewer9;TeamViewer 9;c:\program files\teamviewer\version9\TeamViewer_Service.exe [2014-5-13 5024576]
R2 UUSee Live Update Service;UUSee Live Update Service;c:\program files\common files\uusee\UUSeeLUS.exe [2013-5-29 166264]
R2 YxkuService;Yxku Service;c:\program files\yxkubox\YxkuService.exe [2014-5-21 39560]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2013-6-17 63104]
R3 XOXPLAY;XOX-PLAY;c:\windows\system32\drivers\XOX-PLAY.sys [2014-2-10 18560]
R3 XOXRECORD;XOX-RECORD;c:\windows\system32\drivers\XOX-RECORD.sys [2014-2-10 18560]
S1 bd0002;bd0002;c:\windows\system32\drivers\bd0002.sys --> c:\windows\system32\drivers\bd0002.sys [?]
S2 6VCAM;6Rooms Virtual Camera;c:\windows\system32\drivers\6vcam.sys [2014-1-19 80168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DeskService;DeskService;c:\windows\system32\svchost.exe -k DeskService [2008-4-15 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-6-17 103040]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2009-9-18 607496]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\MBAMSwissArmy.sys [?]
S3 TweakCubeVD;TweakCubeVD;c:\windows\system32\drivers\TweakCubeVD.sys [2013-2-23 160544]
S3 vad_hw;Virtual Audio Input;c:\windows\system32\drivers\vadhw.sys [2008-10-27 19200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-05-24 05:52:34 -------- d-----w- c:\program files\Microsoft Synchronization Services
2014-05-24 05:52:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-05-24 05:52:01 -------- d-----w- c:\documents and settings\all users\Microsoft
2014-05-24 05:49:51 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-05-24 05:49:39 -------- d-----w- c:\windows\SHELLNEW
2014-05-23 16:09:04 -------- d-----w- c:\program files\kuwo
2014-05-23 10:12:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2014-05-23 04:48:39 -------- d-----w- c:\program files\ESET
2014-05-22 23:38:54 -------- d-----w- c:\windows\05503D7D
2014-05-22 17:18:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\deskDH
2014-05-22 17:18:13 -------- d-----w- c:\documents and settings\all users\deskdh
2014-05-22 17:18:01 -------- d-----w- c:\documents and settings\all users\rystmp
2014-05-22 16:27:20 -------- d-----w- c:\documents and settings\all users\application data\kingsoft
2014-05-21 04:50:29 -------- d-----w- c:\program files\common files\uusee
2014-05-21 04:50:26 -------- d-----w- c:\program files\uusee
2014-05-21 04:49:44 -------- d-----w- c:\documents and settings\all users\application data\KuaiKuai
2014-05-20 16:01:47 -------- d-----w- c:\program files\duowan
2014-05-20 04:31:37 -------- d-----w- c:\documents and settings\administrator\application data\2345Explorer
2014-05-20 04:31:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AirView
2014-05-20 04:31:35 -------- d-----w- c:\documents and settings\administrator\local settings\application data\MapleStudio
2014-05-20 04:31:34 -------- d-----w- c:\documents and settings\administrator\local settings\application data\COMODO
2014-05-20 04:31:31 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Chromium
2014-05-20 04:31:29 -------- d-----w- c:\documents and settings\administrator\application data\360se6
2014-05-19 13:29:31 -------- d-----w- c:\documents and settings\administrator\application data\winPm25Tips
2014-05-16 16:11:28 -------- d-----w- c:\documents and settings\administrator\application data\dx
2014-05-16 16:11:27 -------- d-----w- c:\program files\DianxinInput
2014-05-16 13:54:51 -------- d-----w- c:\documents and settings\administrator\application data\raidcall
2014-05-14 22:52:53 -------- d-----w- c:\documents and settings\administrator\application data\37
2014-05-14 22:52:43 -------- d-----w- c:\documents and settings\administrator\application data\FwNetwork
2014-05-14 16:43:14 -------- d-----w- c:\program files\yxkuBox
2014-05-13 07:59:10 -------- d-----w- c:\program files\RC語音
2014-05-13 07:49:06 -------- d-----w- c:\program files\netapps
2014-05-11 15:49:45 -------- d-----w- c:\documents and settings\administrator\application data\qmacro
2014-05-11 15:49:44 -------- d-----w- c:\documents and settings\administrator\application data\mymacro
2014-05-09 00:35:55 -------- d-----w- c:\program files\史迪奇主?包
2014-05-07 22:04:55 216576 ----a-w- c:\windows\system32\uxtheme.backup
2014-05-07 21:40:13 216576 ----a-w- c:\windows\system32\uxtheme.dll.backup
2014-05-07 17:18:05 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ruyiso
2014-05-06 21:30:03 -------- d-----w- c:\documents and settings\administrator\application data\cryptlib
2014-05-06 08:30:34 -------- d-----w- c:\documents and settings\administrator\application data\Local
2014-05-05 17:52:02 -------- d-----w- c:\documents and settings\administrator\application data\GameBoxAC
2014-05-03 23:39:48 -------- d-----w- c:\windows\10C8801E
2014-04-30 16:55:09 -------- d-----w- c:\documents and settings\administrator\application data\rcplugin
2014-04-25 08:00:34 -------- d-----w- c:\documents and settings\all users\Temp
2014-04-25 07:29:07 -------- d-----w- c:\documents and settings\all users\application data\Mobile Partner
2014-04-25 07:28:44 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2014-04-25 07:28:30 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2014-04-25 07:28:30 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-04-25 07:27:31 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
.
==================== Find3M  ====================
.
2014-05-24 12:07:44 2855936 ----a-w- c:\windows\system32\dx.ime
2014-05-08 04:22:56 83272 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-05-08 04:22:56 70984 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-05-08 04:22:56 181576 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-05-07 21:40:13 216576 ----a-w- c:\windows\system32\uxtheme.dll_SafeToDel
2014-04-18 09:39:58 103 ----a-w- c:\windows\system32\del.cmd
2014-04-18 09:33:31 61256 ----a-w- c:\windows\system32\drivers\BDMWrench.sys
2014-04-17 10:49:48 332288 ----a-w- c:\documents and settings\administrator\riliquicken.exe
2014-04-17 10:49:43 340992 ----a-w- c:\documents and settings\administrator\uCalHtml.exe
2014-04-16 06:37:09 1423360 ----a-w- c:\documents and settings\administrator\uCalendar.exe
2014-04-15 16:40:51 97048 ------w- c:\windows\system32\vpatch.dll
2014-04-14 08:44:58 276384 ----a-w- c:\windows\system32\libcurl.dll
2014-04-14 08:44:58 113568 ----a-w- c:\windows\system32\zlib1.dll
2014-04-05 14:10:37 105984 ----a-w- c:\documents and settings\administrator\update.exe
2014-03-28 05:25:32 16896 ----a-w- c:\windows\system32\winusb.dll
2014-03-19 06:24:44 1143808 ----a-w- c:\documents and settings\administrator\ui_d.dll
2014-03-04 03:35:38 123320 ----a-w- c:\windows\system32\DX_Support.dll
2013-11-01 08:42:58 87424 --sha-w- c:\windows\system32\drivers\cmdide.sys
2005-06-16 13:05:02 1526784 --sha-r- c:\windows\system32\explorer\explorer.exe
.
============= FINISH: 20:36:01.50 ===============

Attached Files


Edited by hamluis, 24 May 2014 - 06:13 PM.


BC AdBot (Login to Remove)

 


m

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 28 May 2014 - 05:43 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 10 June 2014 - 06:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users