apua C:\\WINDOWS\SYSTEM32\TDSSADW.DLL

eki007

quote: C:\\WINDOWS\SYSTEM32\TDSSADW.DLL is not a valid Windows application... tai jotenkn tälleen meni se viesti, joka koko ajan ilmaantu eteen. latasin ComboFixin ja ajoin sen läpi, tässä loki..

ComboFix 08-09-26.01 - irkki 2008-09-27 0:58:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.354 [GMT 3:00]
Running from: C:\Documents and Settings\irkki\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\irkki\Application Data\Adobe\crc.dat
C:\WINDOWS\OPTIONS\CABS\_desktop.ini
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\TDSSadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\TDSSservers.dat

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
.

2008-09-18 13:25 . 2008-09-27 00:23   4,194,526   --a------   C:\WINDOWS\firewall_log.log.old
2008-09-18 12:42 . 2008-09-18 13:42      d--------   C:\WINDOWS\system32\CatRoot_bak
2008-09-18 01:42 . 2008-09-18 01:42   268   --ah-----   C:\sqmdata07.sqm
2008-09-18 01:42 . 2008-09-18 01:42   244   --ah-----   C:\sqmnoopt07.sqm
2008-09-17 12:50 . 2008-09-17 12:50      d--------   C:\Program Files\DNA
2008-09-17 12:50 . 2008-09-27 01:07      d--------   C:\Documents and Settings\irkki\Application Data\DNA
2008-09-16 00:16 . 2008-09-16 00:16   268   --ah-----   C:\sqmdata06.sqm
2008-09-16 00:16 . 2008-09-16 00:16   244   --ah-----   C:\sqmnoopt06.sqm
2008-09-15 23:24 . 2008-09-15 23:24      d--------   C:\Casino
2008-09-15 10:58 . 2008-09-15 10:58      d--------   C:\Program Files\Rising
2008-09-15 10:57 . 2008-09-15 10:57      d--------   C:\Documents and Settings\All Users\Application Data\Rising
2008-09-15 10:57 . 2008-09-26 15:05   44   --a------   C:\WINDOWS\Rav.ini
2008-09-15 09:44 . 2008-09-25 13:04      d--------   C:\Program Files\Spyware Doctor
2008-09-15 09:44 . 2008-09-15 09:44      d--------   C:\Documents and Settings\irkki\Application Data\PC Tools
2008-09-15 09:44 . 2008-08-25 11:36   81,288   --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-09-15 09:44 . 2008-08-25 11:36   66,952   --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-09-15 09:44 . 2008-08-25 11:36   40,840   --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-09-15 09:44 . 2008-06-02 15:19   29,576   --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-09-13 15:54 . 2008-09-13 15:54   268   --ah-----   C:\sqmdata05.sqm
2008-09-13 15:54 . 2008-09-13 15:54   244   --ah-----   C:\sqmnoopt05.sqm
2008-09-12 16:24 . 2008-09-27 00:46      d--------   C:\Documents and Settings\irkki\Application Data\uTorrent
2008-09-12 00:29 . 2008-09-12 00:29   268   --ah-----   C:\sqmdata04.sqm
2008-09-12 00:29 . 2008-09-12 00:29   244   --ah-----   C:\sqmnoopt04.sqm
2008-09-11 15:45 . 2008-09-11 15:45      d--------   C:\Program Files\uTorrent
2008-09-11 15:44 . 2008-09-13 16:37      d--------   C:\Documents and Settings\elli\Application Data\uTorrent
2008-09-11 15:37 . 2008-09-11 15:37      d--------   C:\Documents and Settings\elli\Application Data\Uniblue
2008-09-11 15:10 . 2008-09-27 01:17      d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-08 23:19 . 2008-09-08 23:19   268   --ah-----   C:\sqmdata03.sqm
2008-09-08 23:19 . 2008-09-08 23:19   244   --ah-----   C:\sqmnoopt03.sqm
2008-09-06 12:27 . 2008-09-06 12:27      d--------   C:\Documents and Settings\elli\Application Data\PC Suite
2008-09-06 11:33 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-09-06 11:33 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-09-06 11:32 . 2007-08-24 19:45   101,120   -ra------   C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-09-06 11:32 . 2007-08-24 19:45   24,448   -ra------   C:\WINDOWS\system32\drivers\ewdcsc.sys
2008-09-06 11:31 . 2008-09-06 11:33      d--------   C:\Program Files\Mobile Partner
2008-09-05 15:27 . 2008-09-05 15:27      d--------   C:\SonySdLv
2008-09-05 15:18 . 2008-09-05 15:18      d--------   C:\SonySued
2008-08-27 20:31 . 2008-08-27 20:33      d--------   C:\Documents and Settings\irkki\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 22:17   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\OpenOffice.org2
2008-09-18 17:13   ---------   d-----w   C:\Documents and Settings\elli\Application Data\OpenOffice.org2
2008-09-15 19:41   164,976   ----a-w   C:\WINDOWS\system32\drivers\HookSys.sys
2008-09-15 07:57   62,576   ----a-w   C:\WINDOWS\system32\drivers\HookNtos.sys
2008-09-15 07:57   38,256   ----a-w   C:\WINDOWS\system32\drivers\HOOKREG.sys
2008-09-15 07:57   30,704   ----a-w   C:\WINDOWS\system32\drivers\HookHelp.sys
2008-09-15 07:57   237,168   ----a-w   C:\WINDOWS\system32\bsmain.exe
2008-09-15 07:57   13,808   ----a-w   C:\WINDOWS\system32\drivers\HookCont.sys
2008-09-15 07:57   10,736   ----a-w   C:\WINDOWS\system32\drivers\RsNTGdi.sys
2008-09-15 07:56   113,264   ----a-w   C:\WINDOWS\system32\RavExt.dll
2008-09-14 20:30   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\dvdcss
2008-09-12 13:27   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-26 10:56   ---------   d-----w   C:\Program Files\Microsoft Silverlight
2008-08-07 08:44   ---------   d-----w   C:\Documents and Settings\irkki\Application Data\VersionTracker Pro
2008-08-06 15:41   ---------   d-----w   C:\Program Files\Realtek
2008-08-06 15:20   ---------   d-----w   C:\Program Files\Java
2008-08-06 10:07   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-18 19:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 19:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07   270,880   ----a-w   C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07   210,976   ----a-w   C:\WINDOWS\system32\muweb.dll
2008-07-18 18:39   586,752   ----a-w   C:\WINDOWS\WLXPGSS.SCR
2008-07-07 20:32   253,952   ----a-w   C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2006-11-02 8704]

C:\Documents and Settings\elli\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\irkki\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-05-18 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"= "C:\WINDOWS\system32\RavExt.dll" [2008-09-15 113264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,H:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 RsNTGDI;RsNTGDI;C:\WINDOWS\system32\Drivers\RsNTGdi.sys [2008-09-15 10736]
R1 HookCont;HookCont;C:\WINDOWS\system32\drivers\HookCont.sys [2008-09-15 13808]
R1 HookNtos;HookNtos;C:\WINDOWS\system32\drivers\HookNtos.sys [2008-09-15 62576]
R1 HookReg;HookReg;C:\WINDOWS\system32\drivers\HookReg.sys [2008-09-15 38256]
R1 HookSys;HookSys;C:\WINDOWS\system32\drivers\HookSys.sys [2008-09-15 164976]
R2 RsCCenter;Rising Process Communication Center;C:\Program Files\Rising\Rav\CCenter.exe [2008-09-15 162416]
S2 RsRavMon;Rising RealTime Monitor;C:\PROGRAM FILES\RISING\RAV\Ravmond.exe [2008-09-15 395888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5d2627e-7bed-11dd-a114-0016d4d676b6}]
\Shell\AutoRun\command - D:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-INPROCOMMWireless - C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\irkki\Application Data\Mozilla\Firefox\Profiles\zgybbami.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 01:17:49
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-09-27 1:20:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-26 22:20:01

Pre-Run: 10 389 409 792 bytes free
Post-Run: 11,644,010,496 bytes free

192   --- E O F ---   2008-09-11 09:43:52

0

269

Äänestä

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000

      Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

      Takaisin ylös

      Luetuimmat keskustelut

      1. Mikä jäi sanomatta kaivatullesi?

        Ja milloin?
        Ikävä
        75
        1161

      2. Mitkä asiat

        tekevät vaikeaksi kohdata kaivattusi?
        Ikävä
        74
        1154

      3. Rakas

        Eihän se tietysti minulle kuulu, mutta missä sinä olet? 😠
        Ikävä
        48
        1034

      4. Miltä se tuntuu

        Miltä se tuntuu havahtua, että on ollut ihmistä kohtaan, joka on rakastanut ja varjellut, täysi m*lkku? Vai havahtuuko s
        Ikävä
        104
        988

      5. Pidit itseäsi liian

        Vanhana minulle? Niinkö?
        Ikävä
        51
        965

      6. En mahda sille mitään

        Olet ihanin ja tykkään sinusta todella paljon.
        Ikävä
        34
        737

      7. Haluaisitko oikeasti

        Vakavampaa välillemme vai tämäkö riittää
        Ikävä
        49
        714

      8. Joko olet luovuttanut

        Mun suhteen?
        Ikävä
        53
        634

      9. Mitä se olisi

        Jos sinä mies saisit sanoa kaivatullesi mitä vain juuri nyt. Ilman mitään seuraamuksia yms. Niin mitä sanoisit?
        Ikävä
        39
        632

      10. Nanna Karalahti :Paljastus bisneksistä Jere Karalahden kanssa!

        Ottanut yhteyttä seiskalehden toimittajaan ja kertonut totuuden yhteisestä Herotreeni-nimisestä verkkovalmenuksesta.
        Kotimaiset julkkisjuorut
        118
        577
      Aihe
      TietosuojaselosteKäyttöehdotEvästeasetuksetSäännöt