Krepper - G and Win32.Small.kj

Page 2 of 2 Previous  1, 2

View previous topic View next topic Go down

Re: Krepper - G and Win32.Small.kj

Post by Belahzur on Wed Apr 08, 2009 4:19 pm

Lets run another CFScript.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
Lbd

File::
C:\w2ksect.bin

DirLook::
C:\Share
C:\XPSetup

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\java.exe"=-
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{015fc16c-09fb-11de-b244-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f1c4bc2-1a54-11de-9a3b-001cc0755738}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0ec9e34-f4cf-11dd-8da3-001cc0755738}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by M3RM41D on Thu Apr 09, 2009 4:51 am

ComboFix 09-04-04.01 - Kimina 2009-04-09 9:00:37.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1587 [GMT 10:00]
Running from: c:\documents and settings\Kimina\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kimina\Desktop\CFscript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point

FILE ::
C:\w2ksect.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\w2ksect.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LBD
-------\Service_FNHOJE
-------\Service_I386P
-------\Service_Lbd
-------\Service_QWER78
-------\Service_WER32
-------\Service_XPDX


((((((((((((((((((((((((( Files Created from 2009-03-08 to 2009-04-08 )))))))))))))))))))))))))))))))
.

2009-04-07 13:42 . 2009-04-07 13:42 d---s---- c:\documents and settings\Mum&Dad\UserData
2009-04-06 19:15 . 2009-04-07 13:59 d-------- c:\program files\SpywareBlaster
2009-04-06 19:14 . 2009-04-09 01:51 d-------- c:\program files\SpywareGuard
2009-04-05 15:57 . 2009-04-05 15:57 d-------- c:\documents and settings\Mum&Dad\Application Data\Simply Super Software
2009-04-05 11:28 . 2009-04-05 11:28 d-------- c:\program files\Eraser
2009-04-05 11:28 . 2009-04-05 11:28 d--h----- c:\documents and settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-04-04 22:22 . 2009-04-04 22:22 d-------- c:\documents and settings\Mum&Dad\Application Data\PlayFirst
2009-04-04 22:22 . 2009-04-07 10:04 d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2009-04-04 20:23 . 2009-04-04 20:23 d-------- c:\documents and settings\Mum&Dad\Application Data\URSoft
2009-04-04 18:37 . 2009-04-04 18:37 d-------- c:\program files\Rockstar Games
2009-04-04 18:35 . 2009-04-04 20:54 d-------- c:\program files\DAEMON Tools
2009-04-04 18:35 . 2009-04-04 18:35 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys
2009-04-04 18:34 . 2009-04-04 18:34 d-------- c:\documents and settings\Mum&Dad\Application Data\ImgBurn
2009-04-04 15:39 . 2009-04-04 16:23 d-------- c:\windows\system32\NtmsData
2009-04-04 14:09 . 2009-02-16 00:10 1,221,512 --a------ c:\windows\system32\zpeng25.dll
2009-04-04 14:09 . 2009-04-09 08:54 350,192 --a------ c:\windows\system32\vsconfig.xml
2009-04-04 00:40 . 2009-04-04 00:48 d-------- c:\documents and settings\Kimina\Application Data\ImgBurn
2009-04-04 00:39 . 2009-04-04 00:39 d-------- c:\program files\ImgBurn
2009-04-04 00:00 . 2009-04-04 00:21 d-------- C:\XPSetup
2009-04-03 22:44 . 2009-04-04 10:28 27,612 --a------ c:\windows\syscall.dat
2009-04-03 15:41 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-04-03 15:41 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-03 15:41 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-04-03 15:41 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-04-03 15:41 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-04-03 15:40 . 2009-04-06 01:27 d-------- c:\program files\Trojan Remover
2009-04-03 15:40 . 2009-04-03 15:40 d-------- c:\documents and settings\Kimina\Application Data\Simply Super Software
2009-04-03 15:40 . 2009-04-03 15:40 d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-02 15:27 . 2009-04-02 15:27 d-------- c:\documents and settings\Mum&Dad\Application Data\TypingMaster7
2009-04-02 15:26 . 2009-04-02 15:26 d-------- c:\documents and settings\Mum&Dad\Application Data\Malwarebytes
2009-04-02 09:30 . 2009-04-02 09:35 d-------- c:\program files\Spybot - Search & Destroy
2009-04-01 13:21 . 2009-04-01 13:26 d-------- c:\documents and settings\Kimina\Application Data\TypingMaster7
2009-04-01 12:51 . 2009-04-01 12:51 2,802 --a------ c:\windows\Sobotta.sam
2009-04-01 12:47 . 2009-04-01 12:47 338 --a------ c:\windows\Sobotta.ntz
2009-04-01 12:47 . 2009-04-01 12:48 29 --a------ c:\windows\BSL.INI
2009-04-01 08:54 . 2009-04-04 10:28 d--h-c--- c:\documents and settings\All Users\Application Data\{298A24DC-2111-4597-BF26-E3847C84C04B}
2009-03-31 14:02 . 2009-03-31 14:02 d-------- c:\documents and settings\Kimina\Application Data\XemiComputers
2009-03-30 17:03 . 2009-03-30 17:03 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-30 16:06 . 2009-03-30 16:06 d-------- c:\documents and settings\Kimina\Application Data\Nero
2009-03-30 15:53 . 2009-03-30 15:53 d-------- c:\program files\Nero
2009-03-30 15:53 . 2009-04-02 15:39 d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-30 12:01 . 2009-03-30 12:01 d-------- c:\program files\SEC
2009-03-30 11:56 . 2009-03-30 11:56 d-------- c:\documents and settings\Kimina\Application Data\InstallShield
2009-03-29 16:12 . 2009-03-29 16:12 d-------- C:\Share
2009-03-29 16:12 . 2009-03-29 16:20 d-------- c:\documents and settings\Mum&Dad\Application Data\Thinstall
2009-03-27 17:03 . 2009-04-07 16:08 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-27 17:03 . 2009-03-27 17:03 d-------- c:\documents and settings\Kimina\Application Data\Malwarebytes
2009-03-27 17:03 . 2009-03-27 17:03 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-27 17:03 . 2009-04-06 15:32 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-27 17:03 . 2009-04-06 15:32 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-27 13:55 . 2009-03-27 13:55 d-------- c:\program files\SonicWallES
2009-03-27 10:52 . 2009-03-31 19:20 72,584 --a------ c:\windows\zllsputility.exe
2009-03-27 08:18 . 2008-04-14 04:40 43,904 --a------ c:\windows\system32\drivers\sbp2port.sys
2009-03-27 08:18 . 2008-04-14 04:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2009-03-25 19:31 . 2009-03-25 19:31 d-------- c:\program files\Zone Labs
2009-03-25 12:01 . 2004-01-22 19:06 157,696 --a------ c:\windows\system32\unrar.dll
2009-03-25 11:52 . 2003-04-18 16:29 44,544 --a------ c:\windows\system32\msxml4a.dll
2009-03-22 19:53 . 2009-03-27 17:06 d-------- c:\program files\FLAC
2009-03-22 14:55 . 2009-04-02 20:57 dr------- c:\program files\TypingMaster
2009-03-18 10:48 . 2009-03-31 23:31 490 --a------ c:\windows\system32\spupdsvc.inf
2009-03-18 10:43 . 2009-03-18 10:43 d-------- c:\windows\system32\URTTEMP
2009-03-18 09:59 . 2009-03-18 09:59 d-------- c:\windows\system32\windows media
2009-03-18 09:56 . 2009-03-18 09:59 d--h----- c:\windows\msdownld.tmp
2009-03-18 09:55 . 2009-03-18 09:55 d-------- c:\program files\Windows Media Components
2009-03-14 09:43 . 2008-04-07 05:38 45,392 --a------ c:\windows\system32\AdobePDF.dll
2009-03-14 09:43 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\program files\iTunes
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\program files\iPod
2009-03-14 09:26 . 2009-03-14 09:26 d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 19:34 . 2009-03-13 19:34 d-------- c:\program files\Innovative Logic
2009-03-13 19:34 . 1998-10-02 07:00 1,674,280 --a------ c:\windows\system32\OLCH2X32.OCX
2009-03-13 19:34 . 1999-11-16 11:09 222,416 --a------ c:\windows\system32\mhlist32.ocx
2009-03-13 19:34 . 2000-05-22 01:00 203,976 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-13 19:34 . 1999-05-06 23:00 140,288 --a------ c:\windows\system32\comdlg32.ocx
2009-03-13 19:34 . 1998-12-17 09:29 139,264 --a------ c:\windows\system32\ccrpfd.ocx
2009-03-13 19:34 . 2000-01-03 11:50 122,880 --a------ c:\windows\system32\ftpx.ocx
2009-03-13 19:34 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2009-03-13 19:34 . 1999-12-20 15:53 57,344 --a------ c:\windows\system32\BC32R60.dll
2009-03-12 18:06 . 2004-07-14 12:54 676,864 --a------ c:\windows\system32\drivers\hardlock.sys
2009-03-12 18:06 . 2009-03-12 18:06 47,616 --a------ c:\windows\system32\drivers\Haspnt.sys
2009-03-12 18:06 . 2009-03-12 18:06 6,656 --a------ c:\windows\system32\haspvdd.dll
2009-03-12 18:06 . 2009-02-02 21:07 2,577 --a------ c:\windows\system32\config.hsp
2009-03-12 18:06 . 2009-03-12 18:06 383 --a------ c:\windows\system32\haspdos.sys
2009-03-11 19:11 . 2009-04-01 13:15 d-------- c:\program files\Common Files\LightScribe
2009-03-11 13:45 . 2009-03-11 13:45 d-------- c:\documents and settings\Mum&Dad\Application Data\Ashampoo
2009-03-10 23:09 . 2009-03-10 23:09 d-------- c:\program files\LizardTech
2009-03-09 17:12 . 2009-03-25 19:36 d-------- c:\documents and settings\All Users\Application Data\Soulseek
2009-03-09 17:05 . 2009-03-09 17:11 d-------- c:\program files\SoulseekNS
2009-03-09 15:02 . 2008-04-14 10:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-09 13:47 . 2009-03-09 14:02 d-------- c:\program files\Windows Media Connect 2
2009-03-09 13:45 . 2009-03-10 23:53 d-------- c:\windows\system32\LogFiles
2009-03-09 13:45 . 2009-03-09 13:46 d-------- c:\windows\system32\drivers\UMDF
2009-03-08 12:38 . 2009-03-08 17:23 d-------- c:\program files\CheckPoint
2009-03-08 12:38 . 2009-03-08 12:38 144 --a------ c:\windows\system32\lkfl.dat
2009-03-08 12:38 . 2009-03-08 17:22 96 --a------ c:\windows\system32\pdfl.dat
2009-03-08 12:38 . 2009-03-08 12:38 80 --a------ c:\windows\system32\ibfl.dat
2009-03-08 11:12 . 2008-04-14 10:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-08 11:12 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll

M3RM41D
Novice
Novice

Posts Posts : 41
Joined Joined : 2009-02-28
Gender Gender : Female
OS OS : Red Hat
Points Points : 28401
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by M3RM41D on Thu Apr 09, 2009 4:52 am

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-08 16:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 13:18 --------- d-----w c:\documents and settings\Kimina\Application Data\Adobe-BackupByPhotoshopPortable
2009-04-08 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 00:24 --------- d-----w c:\program files\QuickTime
2009-04-05 05:12 --------- d-----w c:\documents and settings\Kimina\Application Data\Thinstall
2009-04-05 02:45 --------- d-----w c:\program files\ESET
2009-04-04 08:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 00:38 --------- d-----w c:\program files\Java
2009-04-04 00:28 --------- d-----w c:\program files\AntiLogger
2009-04-03 22:48 --------- d-----w c:\program files\Common Files\Apple
2009-04-03 06:22 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\SolSuite
2009-04-01 10:00 --------- d-----w c:\documents and settings\Kimina\Application Data\SolSuite
2009-04-01 03:12 --------- d-----w c:\program files\Ashampoo
2009-03-30 09:00 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-03-30 05:35 --------- d-----w c:\program files\TuneUp Utilities 2007
2009-03-28 14:05 --------- d-----w c:\program files\Windows Live Safety Center
2009-03-25 09:55 --------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-25 09:55 --------- d-----w c:\program files\Lavasoft
2009-03-25 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-23 02:03 --------- d-----w c:\program files\SolSuite
2009-03-18 14:45 --------- d-----w c:\documents and settings\Kimina\Application Data\Apple Computer
2009-03-13 23:43 --------- d-----w c:\program files\Common Files\Adobe
2009-03-11 03:03 --------- d-----w c:\program files\Your Uninstaller 2008
2009-03-07 07:09 --------- d-----w c:\program files\JockerSoft
2009-03-07 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\LightScribe
2009-03-06 04:57 --------- d-----w c:\documents and settings\Kimina\Application Data\Vso
2009-03-06 04:55 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-06 04:55 47,360 ----a-w c:\documents and settings\Kimina\Application Data\pcouffin.sys
2009-03-06 04:55 --------- d-----w c:\program files\VSO
2009-03-06 04:43 --------- d-----w c:\documents and settings\Kimina\Application Data\Ashampoo
2009-03-06 04:43 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2009-03-06 04:41 --------- d-----w c:\program files\Xilisoft
2009-03-05 04:55 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\Apple Computer
2009-03-05 01:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-04 07:05 --------- d-----w c:\program files\Common Files\OverDrive Shared
2009-03-04 07:04 --------- d-----w c:\program files\Common Files\L&H
2009-03-04 07:03 --------- d-----w c:\program files\Microsoft Reader
2009-03-04 07:02 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-04 06:55 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-04 03:54 --------- d-----w c:\documents and settings\Kimina\Application Data\Librarian Pro
2009-03-04 03:53 --------- d-----w c:\program files\Koingo Software
2009-03-03 10:00 --------- d-----w c:\program files\DAEMON Tools Lite
2009-03-03 03:42 --------- d-----w c:\documents and settings\All Users\Application Data\DFX
2009-03-03 03:31 --------- d-----w c:\program files\DFX
2009-03-03 03:31 --------- d-----w c:\program files\Common Files\DFX
2009-02-23 05:33 --------- d-----w c:\program files\TechSmith
2009-02-23 05:33 --------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-02-20 00:32 --------- d-----w c:\documents and settings\All Users\Application Data\TreeCardGames
2009-02-17 11:30 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-17 09:04 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\eGames
2009-02-16 00:54 --------- d-----w c:\program files\Windows Sidebar
2009-02-14 03:13 --------- d-----w c:\program files\MSXML 4.0
2009-02-12 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe-BackupByPhotoshopPortable
2009-02-12 04:05 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-11 15:02 --------- d-----w c:\program files\Family Tree Maker 2009
2009-02-11 15:02 --------- d-----w c:\program files\AoA MP4 Converter
2009-02-11 07:47 --------- d-----w c:\program files\DivX
2009-02-11 07:46 --------- d-----w c:\program files\DirectX 9.0c
2009-02-10 04:57 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\TuneUp Software
2009-02-09 07:17 --------- d-----w c:\program files\Google
2009-02-09 07:09 --------- d-----w c:\documents and settings\Kimina\Application Data\URSoft
2009-02-09 07:00 --------- d-----w c:\program files\Yahoo!
2009-02-09 07:00 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-02-09 06:40 --------- d-----w c:\documents and settings\Kimina\Application Data\TuneUp Software
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-02-09 06:03 --------- d-----w c:\documents and settings\All Users\Application Data\MSScanAppDataDir
2009-02-08 06:34 --------- d-----w c:\documents and settings\Mum&Dad\Application Data\Canon

M3RM41D
Novice
Novice

Posts Posts : 41
Joined Joined : 2009-02-28
Gender Gender : Female
OS OS : Red Hat
Points Points : 28401
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by M3RM41D on Thu Apr 09, 2009 4:52 am

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Share ----

2009-03-29 16:14 425984 --a------ c:\share\123\123 Previews.lrdata\thumbnail-cache.db
2009-03-29 16:13 54384 --a------ c:\share\123\123 Previews.lrdata\3\3F0D\3F0DA113-9CC0-4603-B02A-F255739CA2E8-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 49200 --a------ c:\share\123\123 Previews.lrdata\4\495A\495A0CEA-A330-437D-B0EA-3DC9FCEE0C8C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 47792 --a------ c:\share\123\123 Previews.lrdata\3\36EB\36EB9C0E-5943-4900-B397-E4B07CC59479-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 46448 --a------ c:\share\123\123 Previews.lrdata\8\8C9D\8C9D79D2-179B-49EB-8E42-5C1E102E67E2-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 43344 --a------ c:\share\123\123 Previews.lrdata\1\18A8\18A8DE76-D334-4A32-80A3-6395FB4423A8-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 42256 --a------ c:\share\123\123 Previews.lrdata\1\11A4\11A4DE69-938B-46EF-B045-60E94AA647D6-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 41280 --a------ c:\share\123\123 Previews.lrdata\E\E0F4\E0F4A186-902F-438A-AA45-A6566892A31C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 39776 --a------ c:\share\123\123 Previews.lrdata\F\FE39\FE393920-6C34-4446-B6A2-CFB431936E00-8865ddc80544b1a7b3f0a5961fe3a476-83.lr-preview.noindex
2009-03-29 16:13 39280 --a------ c:\share\123\123 Previews.lrdata\2\2C58\2C580518-E7CF-42A7-83F1-2E209D6DBDED-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 38944 --a------ c:\share\123\123 Previews.lrdata\7\7D59\7D5965F5-250C-4BD1-921B-B37C7D1123AC-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 38880 --a------ c:\share\123\123 Previews.lrdata\0\0E9D\0E9D74C9-9430-47DC-8366-7FEFA3CE9EC6-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 37360 --a------ c:\share\123\123 Previews.lrdata\1\175A\175A2FAF-105A-4564-AFC1-60FD285482B0-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 36880 --a------ c:\share\123\123 Previews.lrdata\B\BA74\BA74BC1C-F0B5-487E-90C0-C83D84219E9C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 35056 --a------ c:\share\123\123 Previews.lrdata\C\C79C\C79C3BF6-7041-4CF3-8679-421E706DFA9A-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 30288 --a------ c:\share\123\123 Previews.lrdata\2\2A77\2A7703B5-0001-4EDC-9AF1-5B922E3B6BC9-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 29920 --a------ c:\share\123\123 Previews.lrdata\5\543A\543AF073-5962-4CE9-94E7-DDB83E2B8E4C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 26160 --a------ c:\share\123\123 Previews.lrdata\B\B799\B799A05A-0344-4530-8845-3DDA4FB22752-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 26000 --a------ c:\share\123\123 Previews.lrdata\5\55A9\55A95D90-56F9-4E6F-8525-2613D24DF5BA-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex

---- Directory of C:\XPSetup ----

2009-04-04 00:08 10 --------- c:\xpsetup\WIN51IC.SP2
2009-04-04 00:07 10 --------- c:\xpsetup\WIN51IC.SP1
2009-04-04 00:07 10 --------- c:\xpsetup\WIN51IC
2009-04-04 00:05 10 --------- c:\xpsetup\WIN51
2008-07-06 22:06 89088 --------- c:\xpsetup\i386\filterpipelineprintproc.dll
2008-07-06 22:06 765440 --------- c:\xpsetup\i386\mxdwdrv.dll
2008-07-06 22:06 1676288 --------- c:\xpsetup\i386\xpssvcs.dll
2008-07-06 22:06 10929 --------- c:\xpsetup\i386\msxpsdrv.cat
2008-06-19 15:33 72 --------- c:\xpsetup\i386\msxpsinc.ppd
2008-06-19 15:33 2204 --------- c:\xpsetup\i386\msxpsdrv.inf
2008-06-19 11:03 73 --------- c:\xpsetup\i386\msxpsinc.gpd


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-03 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-03-31 2277232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Kimina\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"GreyMSIAds"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2009-03-31 115056]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-03 15424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-27 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-27 15504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-839522115-1004.job
- c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 17:38]

2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]

2009-04-08 c:\windows\Tasks\Malwarebytes' Scheduled Update for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E1C2CA2F-B009-43DB-AAEB-3433D7E8F1E7} = 61.9.211.33,61.9.211.1
FF - ProfilePath - c:\documents and settings\Kimina\Application Data\Mozilla\Firefox\Profiles\aba8c5y6.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-09 09:04:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-09 9:07:11 - machine was rebooted [Kimina]
ComboFix-quarantined-files.txt 2009-04-08 23:07:09
ComboFix2.txt 2009-04-08 15:48:56
ComboFix3.txt 2009-04-06 16:22:36

Pre-Run: 180,738,424,832 bytes free
Post-Run: 180,724,666,368 bytes free

323 --- E O F --- 2009-03-20 00:13:17

M3RM41D
Novice
Novice

Posts Posts : 41
Joined Joined : 2009-02-28
Gender Gender : Female
OS OS : Red Hat
Points Points : 28401
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by Belahzur on Thu Apr 09, 2009 1:10 pm

Hello.
This looks better now.
How is the machine running?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by M3RM41D on Thu Apr 09, 2009 2:53 pm

Hi Belahzur,

It's running better thanks, I'm not sure which application is infected though
can I give you an update in a few days please?

M3RM41D
Novice
Novice

Posts Posts : 41
Joined Joined : 2009-02-28
Gender Gender : Female
OS OS : Red Hat
Points Points : 28401
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by Belahzur on Thu Apr 09, 2009 5:01 pm

Sure.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by M3RM41D on Sat Apr 11, 2009 2:58 pm

Hello again Belahzur,

The infection came back a couple of times and i managed to narrow it down to Trojan Remover.

I had an illegal copy that didn't work and then a trial copy running which would reinfect my PC during the boot up scan.

It's uninstalled now.

I still have ComboFix running on my desktop.

Can I uninstall ComboFix now?

M3RM41D
Novice
Novice

Posts Posts : 41
Joined Joined : 2009-02-28
Gender Gender : Female
OS OS : Red Hat
Points Points : 28401
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Krepper - G and Win32.Small.kj

Post by Belahzur on Sat Apr 11, 2009 2:59 pm

That is why people should avoid P2P/cracks/keygens/fake software.

Yes, uninstall Combofix.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Page 2 of 2 Previous  1, 2

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum