Help: C:\\WINDOWS\SYSTEM32\TDSSADW.DLL

eki007

Quote: "C:\\WINDOWS\SYSTEM32\TDSSADW.DLL is not a valid Windows application..." or something along those lines was the message that kept popping up all the time. I downloaded ComboFix and ran it through, here is the log..

ComboFix 08-09-26.01 - irkki 2008-09-27 0:58:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.354 [GMT 3:00]
Running from: C:\Documents and Settings\irkki\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\irkki\Application Data\Adobe\crc.dat
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\TDSSadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\TDSSservers.dat

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-18 13:25 . 2008-09-27 00:23   4,194,526   --a------   C:\WINDOWS\firewall_log.log.old
2008-09-18 12:42 . 2008-09-18 13:42      d--------   C:\WINDOWS\system32\CatRoot_bak
2008-09-18 01:42 . 2008-09-18 01:42   268   --ah-----   C:\sqmdata07.sqm
2008-09-18 01:42 . 2008-09-18 01:42   244   --ah-----   C:\sqmnoopt07.sqm
2008-09-17 12:50 . 2008-09-17 12:50      d--------   C:\Program Files\DNA
2008-09-17 12:50 . 2008-09-27 01:07      d--------   C:\Documents and Settings\irkki\Application Data\DNA
2008-09-16 00:16 . 2008-09-16 00:16   268   --ah-----   C:\sqmdata06.sqm
2008-09-16 00:16 . 2008-09-16 00:16   244   --ah-----   C:\sqmnoopt06.sqm
2008-09-15 23:24 . 2008-09-15 23:24      d--------   C:\Casino
2008-09-15 10:58 . 2008-09-15 10:58      d--------   C:\Program Files\Rising
2008-09-15 10:57 . 2008-09-15 10:57      d--------   C:\Documents and Settings\All Users\Application Data\Rising
2008-09-15 10:57 . 2008-09-26 15:05   44   --a------   C:\WINDOWS\Rav.ini
2008-09-15 09:44 . 2008-09-25 13:04      d--------   C:\Program Files\Spyware Doctor
2008-09-15 09:44 . 2008-09-15 09:44      d--------   C:\Documents and Settings\irkki\Application Data\PC Tools
2008-09-15 09:44 . 2008-08-25 11:36   81,288   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-15 09:44 . 2008-08-25 11:36   66,952   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-15 09:44 . 2008-08-25 11:36   40,840   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-15 09:44 . 2008-06-02 15:19   29,576   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-09-13 15:54 . 2008-09-13 15:54   268   --ah-----   C:\sqmdata05.sqm
2008-09-13 15:54 . 2008-09-13 15:54   244   --ah-----   C:\sqmnoopt05.sqm
2008-09-12 16:24 . 2008-09-27 00:46      d--------   C:\Documents and Settings\irkki\Application Data\uTorrent
2008-09-12 00:29 . 2008-09-12 00:29   268   --ah-----   C:\sqmdata04.sqm
2008-09-12 00:29 . 2008-09-12 00:29   244   --ah-----   C:\sqmnoopt04.sqm
2008-09-11 15:45 . 2008-09-11 15:45      d--------   C:\Program Files\uTorrent
2008-09-11 15:44 . 2008-09-13 16:37      d--------   C:\Documents and Settings\elli\Application Data\uTorrent
2008-09-11 15:37 . 2008-09-11 15:37      d--------   C:\Documents and Settings\elli\Application Data\Uniblue
2008-09-11 15:10 . 2008-09-27 01:17      d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 23:19 . 2008-09-08 23:19   268   --ah-----   C:\sqmdata03.sqm
2008-09-08 23:19 . 2008-09-08 23:19   244   --ah-----   C:\sqmnoopt03.sqm
2008-09-06 12:27 . 2008-09-06 12:27      d--------   C:\Documents and Settings\elli\Application Data\PC Suite
2008-09-06 11:33 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-06 11:33 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-06 11:32 . 2007-08-24 19:45   101,120   -ra------   C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-09-06 11:32 . 2007-08-24 19:45   24,448   -ra------   C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-09-06 11:31 . 2008-09-06 11:33      d--------   C:\Program Files\Mobile Partner
2008-09-05 15:27 . 2008-09-05 15:27      d--------   C:\SonySdLv
2008-09-05 15:18 . 2008-09-05 15:18      d--------   C:\SonySued
2008-08-27 20:31 . 2008-08-27 20:33      d--------   C:\Documents and Settings\irkki\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 22:17   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\OpenOffice.org2
2008-09-18 17:13   ---------   d-----w   C:\Documents and Settings\elli\Application Data\OpenOffice.org2
2008-09-15 19:41   164,976   ----a-w   C:\WINDOWS\system32\drivers\HookSys.sys
2008-09-15 07:57   62,576   ----a-w   C:\WINDOWS\system32\drivers\HookNtos.sys
2008-09-15 07:57   38,256   ----a-w   C:\WINDOWS\system32\drivers\HOOKREG.sys
2008-09-15 07:57   30,704   ----a-w   C:\WINDOWS\system32\drivers\HookHelp.sys
2008-09-15 07:57   237,168   ----a-w   C:\WINDOWS\system32\bsmain.exe
2008-09-15 07:57   13,808   ----a-w   C:\WINDOWS\system32\drivers\HookCont.sys
2008-09-15 07:57   10,736   ----a-w   C:\WINDOWS\system32\drivers\RsNTGdi.sys
2008-09-15 07:56   113,264   ----a-w   C:\WINDOWS\system32\RavExt.dll
2008-09-14 20:30   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\dvdcss
2008-09-12 13:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-26 10:56   ---------   d-----w   C:\Program Files\Microsoft Silverlight
2008-08-07 08:44   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\VersionTracker Pro
2008-08-06 15:41   ---------   d-----w   C:\Program Files\Realtek
2008-08-06 15:20   ---------   d-----w   C:\Program Files\Java
2008-08-06 10:07   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-18 19:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 19:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39   586,752   ----a-w   C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-11-02 8704]

C:\Documents and Settings\elli\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\irkki\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-05-18 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "C:\WINDOWS\system32\RavExt.dll" [2008-09-15 113264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,H:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 RsNTGDI;RsNTGDI;C:\WINDOWS\system32\Drivers\RsNTGdi.sys [2008-09-15 10736]
R1 HookCont;HookCont;C:\WINDOWS\system32\drivers\HookCont.sys [2008-09-15 13808]
R1 HookNtos;HookNtos;C:\WINDOWS\system32\drivers\HookNtos.sys [2008-09-15 62576]
R1 HookReg;HookReg;C:\WINDOWS\system32\drivers\HookReg.sys [2008-09-15 38256]
R1 HookSys;HookSys;C:\WINDOWS\system32\drivers\HookSys.sys [2008-09-15 164976]
R2 RsCCenter;Rising Process Communication Center;C:\Program Files\Rising\Rav\CCenter.exe [2008-09-15 162416]
S2 RsRavMon;Rising RealTime Monitor;C:\PROGRAM FILES\RISING\RAV\Ravmond.exe [2008-09-15 395888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5d2627e-7bed-11dd-a114-0016d4d676b6}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-INPROCOMMWireless - C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\irkki\Application Data\Mozilla\Firefox\Profiles\zgybbami.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 01:17:49
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-09-27 1:20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 22:20:01

Pre-Run: 10 389 409 792 bytes free
Post-Run: 11,644,010,496 bytes free

192   --- E O F ---   2008-09-11 09:43:52
