apua C:\\WINDOWS\SYSTEM32\TDSSADW.DLL

eki007

quote: C:\\WINDOWS\SYSTEM32\TDSSADW.DLL is not a valid Windows application... tai jotenkn tälleen meni se viesti, joka koko ajan ilmaantu eteen. latasin ComboFixin ja ajoin sen läpi, tässä loki..

ComboFix 08-09-26.01 - irkki 2008-09-27 0:58:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.354 [GMT 3:00]
Running from: C:\Documents and Settings\irkki\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\irkki\Application Data\Adobe\crc.dat
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\TDSSadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\TDSSservers.dat

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-18 13:25 . 2008-09-27 00:23   4,194,526   --a------   C:\WINDOWS\firewall_log.log.old
2008-09-18 12:42 . 2008-09-18 13:42      d--------   C:\WINDOWS\system32\CatRoot_bak
2008-09-18 01:42 . 2008-09-18 01:42   268   --ah-----   C:\sqmdata07.sqm
2008-09-18 01:42 . 2008-09-18 01:42   244   --ah-----   C:\sqmnoopt07.sqm
2008-09-17 12:50 . 2008-09-17 12:50      d--------   C:\Program Files\DNA
2008-09-17 12:50 . 2008-09-27 01:07      d--------   C:\Documents and Settings\irkki\Application Data\DNA
2008-09-16 00:16 . 2008-09-16 00:16   268   --ah-----   C:\sqmdata06.sqm
2008-09-16 00:16 . 2008-09-16 00:16   244   --ah-----   C:\sqmnoopt06.sqm
2008-09-15 23:24 . 2008-09-15 23:24      d--------   C:\Casino
2008-09-15 10:58 . 2008-09-15 10:58      d--------   C:\Program Files\Rising
2008-09-15 10:57 . 2008-09-15 10:57      d--------   C:\Documents and Settings\All Users\Application Data\Rising
2008-09-15 10:57 . 2008-09-26 15:05   44   --a------   C:\WINDOWS\Rav.ini
2008-09-15 09:44 . 2008-09-25 13:04      d--------   C:\Program Files\Spyware Doctor
2008-09-15 09:44 . 2008-09-15 09:44      d--------   C:\Documents and Settings\irkki\Application Data\PC Tools
2008-09-15 09:44 . 2008-08-25 11:36   81,288   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-15 09:44 . 2008-08-25 11:36   66,952   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-15 09:44 . 2008-08-25 11:36   40,840   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-15 09:44 . 2008-06-02 15:19   29,576   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-09-13 15:54 . 2008-09-13 15:54   268   --ah-----   C:\sqmdata05.sqm
2008-09-13 15:54 . 2008-09-13 15:54   244   --ah-----   C:\sqmnoopt05.sqm
2008-09-12 16:24 . 2008-09-27 00:46      d--------   C:\Documents and Settings\irkki\Application Data\uTorrent
2008-09-12 00:29 . 2008-09-12 00:29   268   --ah-----   C:\sqmdata04.sqm
2008-09-12 00:29 . 2008-09-12 00:29   244   --ah-----   C:\sqmnoopt04.sqm
2008-09-11 15:45 . 2008-09-11 15:45      d--------   C:\Program Files\uTorrent
2008-09-11 15:44 . 2008-09-13 16:37      d--------   C:\Documents and Settings\elli\Application Data\uTorrent
2008-09-11 15:37 . 2008-09-11 15:37      d--------   C:\Documents and Settings\elli\Application Data\Uniblue
2008-09-11 15:10 . 2008-09-27 01:17      d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 23:19 . 2008-09-08 23:19   268   --ah-----   C:\sqmdata03.sqm
2008-09-08 23:19 . 2008-09-08 23:19   244   --ah-----   C:\sqmnoopt03.sqm
2008-09-06 12:27 . 2008-09-06 12:27      d--------   C:\Documents and Settings\elli\Application Data\PC Suite
2008-09-06 11:33 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-06 11:33 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-06 11:32 . 2007-08-24 19:45   101,120   -ra------   C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-09-06 11:32 . 2007-08-24 19:45   24,448   -ra------   C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-09-06 11:31 . 2008-09-06 11:33      d--------   C:\Program Files\Mobile Partner
2008-09-05 15:27 . 2008-09-05 15:27      d--------   C:\SonySdLv
2008-09-05 15:18 . 2008-09-05 15:18      d--------   C:\SonySued
2008-08-27 20:31 . 2008-08-27 20:33      d--------   C:\Documents and Settings\irkki\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 22:17   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\OpenOffice.org2
2008-09-18 17:13   ---------   d-----w   C:\Documents and Settings\elli\Application Data\OpenOffice.org2
2008-09-15 19:41   164,976   ----a-w   C:\WINDOWS\system32\drivers\HookSys.sys
2008-09-15 07:57   62,576   ----a-w   C:\WINDOWS\system32\drivers\HookNtos.sys
2008-09-15 07:57   38,256   ----a-w   C:\WINDOWS\system32\drivers\HOOKREG.sys
2008-09-15 07:57   30,704   ----a-w   C:\WINDOWS\system32\drivers\HookHelp.sys
2008-09-15 07:57   237,168   ----a-w   C:\WINDOWS\system32\bsmain.exe
2008-09-15 07:57   13,808   ----a-w   C:\WINDOWS\system32\drivers\HookCont.sys
2008-09-15 07:57   10,736   ----a-w   C:\WINDOWS\system32\drivers\RsNTGdi.sys
2008-09-15 07:56   113,264   ----a-w   C:\WINDOWS\system32\RavExt.dll
2008-09-14 20:30   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\dvdcss
2008-09-12 13:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-26 10:56   ---------   d-----w   C:\Program Files\Microsoft Silverlight
2008-08-07 08:44   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\VersionTracker Pro
2008-08-06 15:41   ---------   d-----w   C:\Program Files\Realtek
2008-08-06 15:20   ---------   d-----w   C:\Program Files\Java
2008-08-06 10:07   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-18 19:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 19:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39   586,752   ----a-w   C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-11-02 8704]

C:\Documents and Settings\elli\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\irkki\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-05-18 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "C:\WINDOWS\system32\RavExt.dll" [2008-09-15 113264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,H:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 RsNTGDI;RsNTGDI;C:\WINDOWS\system32\Drivers\RsNTGdi.sys [2008-09-15 10736]
R1 HookCont;HookCont;C:\WINDOWS\system32\drivers\HookCont.sys [2008-09-15 13808]
R1 HookNtos;HookNtos;C:\WINDOWS\system32\drivers\HookNtos.sys [2008-09-15 62576]
R1 HookReg;HookReg;C:\WINDOWS\system32\drivers\HookReg.sys [2008-09-15 38256]
R1 HookSys;HookSys;C:\WINDOWS\system32\drivers\HookSys.sys [2008-09-15 164976]
R2 RsCCenter;Rising Process Communication Center;C:\Program Files\Rising\Rav\CCenter.exe [2008-09-15 162416]
S2 RsRavMon;Rising RealTime Monitor;C:\PROGRAM FILES\RISING\RAV\Ravmond.exe [2008-09-15 395888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5d2627e-7bed-11dd-a114-0016d4d676b6}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-INPROCOMMWireless - C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\irkki\Application Data\Mozilla\Firefox\Profiles\zgybbami.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 01:17:49
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-09-27 1:20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 22:20:01

Pre-Run: 10 389 409 792 bytes free
Post-Run: 11,644,010,496 bytes free

192   --- E O F ---   2008-09-11 09:43:52

0

252

Äänestä

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000

      Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

      Takaisin ylös

      Luetuimmat keskustelut

      1. Mikaela Nylander: Jos pakkoruotsi poistetaan, niin ruotsin kielen asema romahtaa

        (Nylander on vanha RKP:nen) Mutta niin heikossa vedossa muumiruotsi siis on Suomessa, että vain tekohengityksellä se pys
        Maailman menoa
        65
        2572

      2. Nainen aion pilata elämäsi täysin, opetus sulle, että pelasit väärän ihmisen sydämellä.

        Empatiani sua kohtaan katosi siinä kohtaan, kun teit tietoisen valinnan leikkiä mun sydämellä. Luulet olevas joku älykäs
        Ikävä
        241
        1585

      3. Kaivattusi nimi vol.3

        Kaipaajankin nimi olisi kiva. 🥰
        Ikävä
        94
        1380

      4. 6 vkoa kulunut ilman sua

        …ihme että olen vielä hengissä. 😔 Kyynelillä pessyt lattioita. Rakastan ja odotan sua ikuisesti❤️Projekti jäi kesken jo
        Ikävä
        8
        901

      5. Viestisi kaipaamallesi ihmiselle

        Mitä ajattelet tilanteestanne tänään?
        Ikävä
        65
        882

      6. Jotenkin se harmittaa

        Etten voinut antaa itselleni mahdollisuutta tutustua. Tulit vain liian lähelle ja syvälle kemia oli alusta alkaen liian
        Ikävä
        46
        700

      7. Olen yrittänyt tavoittaa sinut kolmesti

        Elämän aikana. Kahdesti hakenut numeroa ja lähettänyt jollekkin nimisellesi viestin. Kerran aivan summassa keksimääni os
        Ikävä
        2
        652

      8. Haluan kysyä vain yhden asian

        Miksi et koskaan halunnut kohdata minua kasvotusten silloin, kun molemmilla oli tunteita? Kaiken muun olen jo hyväksymäs
        Ikävä
        39
        579

      9. Mies aion pilata elämäsi

        Ole hyvä vaan, olet ansainnut sen.
        Ikävä
        73
        562

      10. Kauneus on katsojan silmissä

        Mitä kaunista sun silmät näkevät?
        Ikävä
        22
        512
      Aihe
      TietosuojaselosteKäyttöehdotEvästeasetuksetSäännöt