nod32 says win32/olmarik trojan-unable to clean
25-12-2010, 15:13
Post: #1
thanks for this
My problem is that there is an Olmarik trojan in my system for days and I am searching how to remove it but couldn't, so can you help me? I have given a HijackThis file for your use, thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:34:00 PM, on 12/25/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9120 bytes
25-12-2010, 18:17
(This post was last edited on 25-12-2010 at 18:18 by Marckie.)
Post: #2
RE: nod32 says win32/olmarik trojan-unable to clean
Hi,
Start HijackThis again, close all open windows leaving only HijackThis running. Place a check against this line:

O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')

Click on Fix Checked and exit HijackThis.

Download TDSSKiller and save it to your Desktop. Extract its contents to your desktop. Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; change it to Cure and then click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
Click the Report button and copy/paste the contents of it into your next reply.

Run HijackThis again, and post a new log.

Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
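Added example (the editor's, not from the thread, from Marckie or from Trend Micro): a small Python script that reads the O4 lines of a HijackThis log like the one posted above and pulls out the ones with the shape of the msnsc.exe entry Marckie asks to fix, i.e. a Run value in the SYSTEM account's hive (HKUS\S-1-5-18) that starts a loose executable under system32. It also expands the ".." abbreviation HijackThis uses for Software\Microsoft\Windows\CurrentVersion into the full registry key, so you know exactly which value "Fix Checked" removes. All function names and SAMPLE_LOG are mine; the sample is a handful of lines constructed from the posted log.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example, not part of the thread: parse the O4 entries and list the
ones that, like the msnsc.exe line fixed in post #2, are Run values in the
SYSTEM account's hive (HKUS\\S-1-5-18) pointing at a loose executable under
system32. The heuristic produces a review list, not a verdict; the sample
log below is constructed from lines of the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# HijackThis abbreviates "Software\Microsoft\Windows\CurrentVersion" as "..".
HIVE_ROOTS = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}
SYSTEM_HIVE = "HKUS\\S-1-5-18"  # the SYSTEM account's user hive
SYSTEM32 = ("c:\\windows\\system32\\", "c:\\winnt\\system32\\")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First program of an unquoted command line, allowing spaces in the path
# (e.g. "C:\Program Files\...\IDMan.exe /onboot").
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat))(?:\s|$)", re.IGNORECASE)


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    command: str
    user: Optional[str]

    @property
    def registry_key(self) -> str:
        """Expand the abbreviated HijackThis key to the full registry path."""
        root, _, subkey = self.hive.partition("\\")
        prefix = HIVE_ROOTS[root] + ("\\" + subkey if subkey else "")
        return prefix + "\\Software\\Microsoft\\Windows\\CurrentVersion\\" + self.key

    @property
    def executable(self) -> str:
        """The program the Run value starts, without its arguments."""
        cmd = self.command
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        m = EXE_RE.match(cmd)
        return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_o4(log_text: str) -> list[AutostartEntry]:
    """Return every O4 line of a HijackThis log as an AutostartEntry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(AutostartEntry(**m.groupdict()))
    return entries


def review_reasons(entry: AutostartEntry) -> list[str]:
    """Why a human should look at this entry; empty means nothing stood out."""
    reasons = []
    for_system = entry.hive.upper() == SYSTEM_HIVE or entry.user == "SYSTEM"
    if for_system:
        reasons.append("Run value in the SYSTEM account's hive (HKU\\S-1-5-18)")
    if for_system and entry.executable.lower().startswith(SYSTEM32):
        reasons.append("loose executable in system32 rather than an installed application")
    return reasons


def top_candidates(entries: list[AutostartEntry]) -> list[AutostartEntry]:
    """Entries with more than one reason, i.e. the pattern of the msnsc.exe line."""
    return [e for e in entries if len(review_reasons(e)) > 1]


# Constructed sample: a few O4 lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
""".strip()

if __name__ == "__main__":
    for entry in parse_o4(SAMPLE_LOG):
        flags = review_reasons(entry)
        marker = "REVIEW" if flags else "      "
        print(f"{marker} {entry.registry_key} [{entry.name}] -> {entry.executable}")
        for reason in flags:
            print(f"         - {reason}")
```

Fix Checked in HijackThis removes the registry value; the script only shows which value that is. The heuristic is deliberately narrow: the MsnMsgr entry in the same SYSTEM hive gets one reason and is not a top candidate, which matches what the helper chose to fix.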
26-12-2010, 09:29
Post: #3
RE: nod32 says win32/olmarik trojan-unable to clean
Thanks for your reply, sir.
Also, in the TDSS tool there was no option of Cure for suspicious files, so I quarantined one suspicious file.

2010/12/26 12:54:44.0875 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/26 12:54:44.0875 ================================================================================
2010/12/26 12:54:44.0875 SystemInfo:
2010/12/26 12:54:44.0875
2010/12/26 12:54:44.0875 OS Version: 5.1.2600 ServicePack: 2.0
2010/12/26 12:54:44.0875 Product type: Workstation
2010/12/26 12:54:44.0875 ComputerName: WIN06V3
2010/12/26 12:54:44.0875 UserName: Dr.Vasant.Barve
2010/12/26 12:54:44.0875 Windows directory: C:\WINDOWS
2010/12/26 12:54:44.0875 System windows directory: C:\WINDOWS
2010/12/26 12:54:44.0875 Processor architecture: Intel x86
2010/12/26 12:54:44.0875 Number of processors: 2
2010/12/26 12:54:44.0875 Page size: 0x1000
2010/12/26 12:54:44.0875 Boot type: Normal boot
2010/12/26 12:54:44.0875 ================================================================================
2010/12/26 12:54:45.0187 Initialize success

This is the HijackThis file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:00:00 PM, on 12/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBit1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dr.Vasant.Barve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8623 bytes

(25-12-2010 18:17) Marckie wrote: Hi,
26-12-2010, 09:59
Post: #4
RE: nod32 says win32/olmarik trojan-unable to clean
Hi,
Can you post the complete log made by TDSSKiller, please? This log is just a small part of it.

Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
27-12-2010, 08:46
Post: #5
RE: nod32 says win32/olmarik trojan-unable to clean
sory sir i just did as u said,
today i ran the tdskiller and scanned by it there was one suspicious file so just skipped that and the report for that is given below 2010/12/27 12:15:54.0921 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2010/12/27 12:15:54.0921 ================================================================================ 2010/12/27 12:15:54.0921 SystemInfo: 2010/12/27 12:15:54.0921 2010/12/27 12:15:54.0921 OS Version: 5.1.2600 ServicePack: 2.0 2010/12/27 12:15:54.0921 Product type: Workstation 2010/12/27 12:15:54.0921 ComputerName: WIN06V3 2010/12/27 12:15:54.0921 UserName: Dr.Vasant.Barve 2010/12/27 12:15:54.0921 Windows directory: C:\WINDOWS 2010/12/27 12:15:54.0921 System windows directory: C:\WINDOWS 2010/12/27 12:15:54.0921 Processor architecture: Intel x86 2010/12/27 12:15:54.0921 Number of processors: 2 2010/12/27 12:15:54.0921 Page size: 0x1000 2010/12/27 12:15:54.0921 Boot type: Normal boot 2010/12/27 12:15:54.0921 ================================================================================ 2010/12/27 12:15:55.0234 Initialize success 2010/12/27 12:15:56.0484 ================================================================================ 2010/12/27 12:15:56.0484 Scan started 2010/12/27 12:15:56.0484 Mode: Manual; 2010/12/27 12:15:56.0484 ================================================================================ 2010/12/27 12:15:57.0140 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/12/27 12:15:57.0203 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/12/27 12:15:57.0359 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 2010/12/27 12:15:57.0406 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 2010/12/27 12:15:57.0828 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 2010/12/27 12:15:58.0218 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/12/27 12:15:58.0265 
atapi (c4b52426b79c6f6664b70b8e63b1b837) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/12/27 12:15:58.0390 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/12/27 12:15:58.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/12/27 12:15:58.0515 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/12/27 12:15:58.0718 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/12/27 12:15:58.0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/12/27 12:15:58.0875 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/12/27 12:15:58.0953 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/12/27 12:15:59.0406 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/12/27 12:15:59.0484 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 2010/12/27 12:15:59.0578 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 2010/12/27 12:15:59.0609 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/12/27 12:15:59.0687 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2010/12/27 12:15:59.0828 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/12/27 12:15:59.0937 eamon (1ceb779239965000b8f6adee17d4515b) C:\WINDOWS\system32\DRIVERS\eamon.sys 2010/12/27 12:16:00.0093 ehdrv (7d300a43a7bd8769e0f901bf9e1ae367) C:\WINDOWS\system32\DRIVERS\ehdrv.sys 2010/12/27 12:16:00.0250 ElbyCDFL (80d46e888cd8c8139dffcc7eb6017cac) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 2010/12/27 12:16:00.0312 ElbyCDIO (329ed852d278242a6a55214cd40fceab) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 2010/12/27 12:16:00.0375 ElbyVCD (96be34dab59c5df3fc7c9a3e6839d2d2) C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys 2010/12/27 
12:16:00.0468 epfwtdir (ecd5f68e32ff5c6a728eb03dc892ae7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys 2010/12/27 12:16:00.0531 Fastfat (aa2c2207178da057937ac2e363ba3bbb) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/12/27 12:16:00.0593 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 2010/12/27 12:16:00.0656 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 2010/12/27 12:16:00.0703 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 2010/12/27 12:16:00.0765 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2010/12/27 12:16:00.0796 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/12/27 12:16:00.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/12/27 12:16:00.0890 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/12/27 12:16:00.0968 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2010/12/27 12:16:01.0109 HTTP (3247a2db333d1521680e6864a8295a47) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/12/27 12:16:01.0343 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/12/27 12:16:01.0390 Imapi (ad5e8a6c823f24882a6826d7dbccf4a3) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/12/27 12:16:01.0625 IntcAzAudAddService (001aaca6ed0e6b00fc5b8faf74977e81) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2010/12/27 12:16:01.0812 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2010/12/27 12:16:01.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/12/27 12:16:01.0890 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/12/27 12:16:01.0968 IpNat (8668ee23c9bc29783d0a21c693655387) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/12/27 12:16:02.0031 IPSec (64537aa5c003a6afeee1df819062d0d1) 
C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/12/27 12:16:02.0093 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/12/27 12:16:02.0140 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/12/27 12:16:02.0250 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/12/27 12:16:02.0343 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2010/12/27 12:16:02.0375 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/12/27 12:16:02.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/12/27 12:16:02.0609 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 2010/12/27 12:16:02.0718 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/12/27 12:16:02.0781 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/12/27 12:16:02.0890 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/12/27 12:16:02.0953 MRxSmb (f6bfae0cc79784d0a72df6684c173437) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/12/27 12:16:03.0000 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2010/12/27 12:16:03.0093 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/12/27 12:16:03.0187 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/12/27 12:16:03.0250 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/12/27 12:16:03.0312 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/12/27 12:16:03.0375 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys 2010/12/27 12:16:03.0421 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2010/12/27 12:16:03.0453 NdisTapi 
(08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/27 12:16:03.0500 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/27 12:16:03.0546 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/27 12:16:03.0562 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/27 12:16:03.0609 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/27 12:16:03.0703 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/27 12:16:03.0828 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/27 12:16:03.0906 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/27 12:16:03.0984 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/12/27 12:16:04.0093 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2010/12/27 12:16:04.0156 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/27 12:16:04.0265 Ntfs (23601d0a2c3d71f51315d9bf0cf20ec0) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/27 12:16:04.0296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/27 12:16:04.0453 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/27 12:16:04.0640 nvata (947c4a0e7b25bcecc3b40f0f1070378b) C:\WINDOWS\system32\DRIVERS\nvata.sys
2010/12/27 12:16:04.0703 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/27 12:16:04.0781 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/27 12:16:04.0828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/27 12:16:04.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/27 12:16:04.0968 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/27 12:16:05.0000 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/27 12:16:05.0031 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/27 12:16:05.0125 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/27 12:16:05.0218 PCI (de1d9a5d50166a6d8a51daa936fc56a4) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/27 12:16:05.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/27 12:16:05.0390 Pcmcia (36458ab24389af198194f73b9c6db8fe) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/27 12:16:05.0921 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/27 12:16:05.0968 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/27 12:16:06.0000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/27 12:16:06.0421 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/27 12:16:06.0468 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/27 12:16:06.0515 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/27 12:16:06.0531 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/27 12:16:06.0593 Rdbss (d0fef8156d2d2fec557c100956d76887) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/27 12:16:06.0625 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/27 12:16:06.0703 rdpdr (762c391bd3123754f9cbdf6c4269b55b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/27 12:16:06.0828 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/27 12:16:06.0937 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/27 12:16:07.0031 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/27 12:16:07.0125 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/27 12:16:07.0171 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/27 12:16:07.0218 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/27 12:16:07.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/27 12:16:07.0546 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2010/12/27 12:16:07.0546 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2010/12/27 12:16:07.0562 sptd - detected Locked file (1)
2010/12/27 12:16:07.0656 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/27 12:16:07.0718 Srv (54e79b08d0abc9c551d0fe69cc2f87ec) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/27 12:16:07.0781 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/27 12:16:07.0859 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/27 12:16:08.0265 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/27 12:16:08.0343 Tcpip (5562cc0a47b2aef06d3417b733f3c195) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/27 12:16:08.0453 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/27 12:16:08.0546 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/27 12:16:08.0625 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/27 12:16:08.0781 Udfs (5468714efdcc70e24981e5874b5a6ce5) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/27 12:16:08.0921 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/27 12:16:09.0031 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/27 12:16:09.0140 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/27 12:16:09.0187 usbhub (b928132426e65558a2252e351a3e12db) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/27 12:16:09.0265 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/27 12:16:09.0359 usbser (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/27 12:16:09.0437 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/27 12:16:09.0546 USBSTOR (d31343bc16e50ad3b639e7d8d2639816) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/27 12:16:09.0625 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/27 12:16:09.0781 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/27 12:16:09.0859 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/27 12:16:09.0968 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/27 12:16:10.0140 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/27 12:16:10.0250 WpdUsb (ef8848d2a558affe99cf264180e499ac) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/27 12:16:10.0375 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/27 12:16:10.0453 ================================================================================
2010/12/27 12:16:10.0453 Scan finished
2010/12/27 12:16:10.0453 ================================================================================
2010/12/27 12:16:10.0468 Detected object count: 1
2010/12/27 12:16:19.0265 Locked file(sptd) - User select action: Skip
(26-12-2010 09:59) Marckie wrote: Hi,
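The TDSSKiller log above is what the helper read to decide that only one entry, sptd.sys, needed a second look. As an added example, and not code from this thread or from Kaspersky, here is a Python triage script that pulls the driver inventory and the "Suspicious file" / "detected" / "User select action" events out of such a log, joins them by service name, and reports each flagged driver with its hash and path so it can be reviewed. The sample input is a constructed excerpt of the posted log (hashes and paths copied from it, not the whole log); the regular expressions are assumptions about the line shapes visible above, not a published TDSSKiller format.

```python
import re
from typing import NamedTuple

# Constructed sample: a few lines in the format TDSSKiller wrote to the log posted
# above (timestamps, MD5s and paths copied from that log; not the full log).
SAMPLE_TDSSKILLER_LOG = """\
2010/12/27 12:16:07.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\\WINDOWS\\system32\\drivers\\splitter.sys
2010/12/27 12:16:07.0546 sptd (d390675b8ce45e5fb359338e5e649329) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2010/12/27 12:16:07.0546 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2010/12/27 12:16:07.0562 sptd - detected Locked file (1)
2010/12/27 12:16:07.0656 sr (e41b6d037d6cd08461470af04500dc24) C:\\WINDOWS\\system32\\DRIVERS\\sr.sys
2010/12/27 12:16:10.0453 ================================================================================
2010/12/27 12:16:10.0453 Scan finished
2010/12/27 12:16:10.0468 Detected object count: 1
2010/12/27 12:16:19.0265 Locked file(sptd) - User select action: Skip
"""

# Line shapes as they appear in the posted log (assumed from those lines, not from
# any TDSSKiller documentation).
TS = r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
DRIVER_RE = re.compile(TS + r" (\S+) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS_RE = re.compile(TS + r" Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(TS + r" (\S+) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(TS + r" (.+?)\((\S+)\) - User select action: (\S+)$")
COUNT_RE = re.compile(r"Detected object count: (\d+)")


class Flag(NamedTuple):
    service: str   # service/driver name as TDSSKiller reports it
    kind: str      # what TDSSKiller said it detected, e.g. "Locked file"
    reason: str    # detail from the matching "Suspicious file (...)" line, if any
    path: str
    md5: str
    action: str    # what the user chose for it ("Skip" in the posted log)


def parse_tdsskiller(log_text):
    """Return driver count, detected-object count and the flagged drivers of one log."""
    drivers, suspicious, detected, actions = {}, {}, {}, {}
    detected_count = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := DRIVER_RE.match(line)):
            _, name, md5, path = m.groups()
            drivers[name] = (md5, path)
        elif (m := SUSPICIOUS_RE.match(line)):
            _, reason, path, md5 = m.groups()
            suspicious[path.lower()] = reason       # keyed by path, joined below
        elif (m := DETECTED_RE.match(line)):
            _, name, kind = m.groups()
            detected[name] = kind
        elif (m := ACTION_RE.match(line)):
            _, _kind, name, action = m.groups()
            actions[name] = action
        elif (m := COUNT_RE.search(line)):
            detected_count = int(m.group(1))
    flags = []
    for name, kind in sorted(detected.items()):
        md5, path = drivers.get(name, ("", ""))
        flags.append(Flag(service=name, kind=kind,
                          reason=suspicious.get(path.lower(), ""),
                          path=path, md5=md5, action=actions.get(name, "none")))
    return {
        "driver_count": len(drivers),
        "detected_count": detected_count,
        # mismatch here means a "detected" line the regexes did not recognise
        "count_matches": detected_count == len(flags),
        "flags": flags,
    }


if __name__ == "__main__":
    result = parse_tdsskiller(SAMPLE_TDSSKILLER_LOG)
    print(f"{result['driver_count']} drivers listed, "
          f"{result['detected_count']} object(s) detected")
    for f in result["flags"]:
        print(f"  {f.service}: {f.kind} ({f.reason}) md5={f.md5} action={f.action}")
        print(f"    {f.path}")
```

A "Locked file" or "Suspicious file (NoAccess)" entry means TDSSKiller could not open the file to scan it, not that the file is malicious; in this thread the helper judged the flagged sptd.sys harmless. The hash the script prints for each flag is what you would look up before deciding either way.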
27-12-2010, 18:27
(This post was last edited on 27-12-2010 at 18:27 by Marckie.)
Post: #6
RE: nod32 says win32/olmarik trojan-unable to clean
Hi,
No problem. There is nothing wrong with this file. How is the computer running now? Do you still get messages from NOD32 that it is detecting the Olmarik trojan?
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
28-12-2010, 08:48
Post: #7
RE: nod32 says win32/olmarik trojan-unable to clean
Hello madam, how are you?
Well, thanks for the help you have given me; it was very nice of you. I also got to learn new things: that help can be taken from your forum. I did not know that a thread can be posted and assistance obtained. Very useful. You are all doing a very good job of helping; this is what many of us who are not from the computer field require. Salute to you, and thanks once again. My computer is working well as usual and the message or notification does not come now, thanks for that. Also, I had installed ComboFix earlier after reading on some sites, so is there a problem? How do I uninstall it, and should I delete those TDSSKiller files? This is the ESET log from my system. I ran TDSSKiller on the 26th; today is the 28th.

Time | Scanner | Object type | Object | Threat | Action | User
12/26/2010 12:41:24 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/26/2010 9:09:11 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/26/2010 1:21:46 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/25/2010 10:20:19 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 7:54:49 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/25/2010 7:41:18 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 6:09:36 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 5:21:01 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 4:52:11 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 3:26:44 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 1:53:52 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/25/2010 1:01:06 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/25/2010 12:51:48 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/24/2010 8:50:58 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/24/2010 8:50:04 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/24/2010 3:22:59 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/24/2010 11:23:43 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/24/2010 9:16:42 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/23/2010 10:22:09 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/23/2010 10:11:39 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/23/2010 10:10:56 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/23/2010 6:47:04 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/23/2010 5:26:09 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/23/2010 5:25:43 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/23/2010 3:49:54 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/23/2010 10:49:36 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/23/2010 10:49:03 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/22/2010 8:26:05 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/22/2010 8:25:16 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/22/2010 4:18:58 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/22/2010 4:04:30 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/22/2010 4:04:02 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/22/2010 3:16:25 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/22/2010 1:26:41 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/22/2010 11:25:33 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/22/2010 11:24:51 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/21/2010 8:41:32 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/21/2010 8:31:34 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/21/2010 7:16:31 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/21/2010 7:10:22 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/21/2010 3:57:41 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/21/2010 3:46:24 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/21/2010 3:23:35 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/21/2010 2:38:42 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/21/2010 11:50:27 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/21/2010 10:49:36 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/21/2010 9:48:18 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 8:48:32 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 8:30:43 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/20/2010 6:32:14 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 6:30:32 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/20/2010 6:30:02 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 3:42:33 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 2:50:35 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 2:01:31 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/20/2010 10:07:59 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/20/2010 10:07:22 AM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | error while cleaning - operation unavailable for this object type | WIN06V3\Dr.Vasant.Barve
12/19/2010 5:42:30 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean |
12/19/2010 5:41:53 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | unable to clean | WIN06V3\Dr.Vasant.Barve
12/18/2010 9:35:45 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | error while cleaning - operation unavailable for this object type |
12/18/2010 9:24:40 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | | WIN06V3\Dr.Vasant.Barve
12/18/2010 1:03:57 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | error while cleaning - operation unavailable for this object type |
12/18/2010 12:54:58 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | | WIN06V3\Dr.Vasant.Barve
12/17/2010 9:06:18 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | error while cleaning - operation unavailable for this object type |
12/17/2010 8:18:41 PM | Startup scanner | operating memory | Operating memory | Win32/Olmarik trojan | error while cleaning - operation unavailable for this object type |
(27-12-2010 18:27) Marckie wrote: Hi,
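The ESET threat log in the post above was pasted as one run-together line, and what matters in it is the pattern rather than any single row: every detection is on "Operating memory", none names a file on disk, and the only actions are "unable to clean" or "error while cleaning". As an added example, and not code from this thread or from ESET, here is a Python parser that splits such a run-together log back into rows and summarises them by threat, action and day, so that pattern can be read off directly. The sample is a constructed six-row excerpt of the posted log; the column order (Time, Scanner, Object type, Object, Threat, Action, User) and the scanner, object-type and action vocabularies in the regular expression are assumptions drawn from the rows above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: six rows copied from the ESET threat log posted above, one per
# line here; the poster's version was run together on a single line, which the
# parser handles as well (see the __main__ block).
SAMPLE_ESET_LOG = r"""
12/26/2010 12:41:24 PM Startup scanner operating memory Operating memory Win32/Olmarik trojan unable to clean WIN06V3\Dr.Vasant.Barve
12/26/2010 9:09:11 AM Startup scanner operating memory Operating memory Win32/Olmarik trojan unable to clean WIN06V3\Dr.Vasant.Barve
12/26/2010 1:21:46 AM Startup scanner operating memory Operating memory Win32/Olmarik trojan unable to clean
12/20/2010 10:07:22 AM Startup scanner operating memory Operating memory Win32/Olmarik trojan error while cleaning - operation unavailable for this object type WIN06V3\Dr.Vasant.Barve
12/18/2010 9:35:45 PM Startup scanner operating memory Operating memory Win32/Olmarik trojan error while cleaning - operation unavailable for this object type
12/18/2010 9:24:40 PM Startup scanner operating memory Operating memory Win32/Olmarik trojan WIN06V3\Dr.Vasant.Barve
"""

TIME_RE = re.compile(r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M")

# One ESET threat-log row: Time, Scanner, Object type, Object, Threat, Action, User.
# Action and User are blank in some of the posted rows, so both are optional. The
# scanner, object-type and action word lists are assumptions taken from those rows.
ENTRY_RE = re.compile(
    r"(?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<scanner>Startup scanner|Real-time file system protection|On-demand scanner) "
    r"(?P<objtype>operating memory|file|boot sector) "
    r"(?P<object>.+?) "
    r"(?P<threat>(?:a variant of )?\S+/\S+ (?:trojan|virus|worm|application))"
    r"(?: (?P<action>unable to clean"
    r"|error while cleaning - operation unavailable for this object type))?"
    r"(?: (?P<user>[^\s\\]+\\\S+))?"
    r"(?=\s+\d{1,2}/\d{1,2}/\d{4} |\s*$)"      # next row's timestamp, or end of log
)


def parse_eset_log(text):
    """Split an ESET threat log (run together or one row per line) into row dicts.

    Returns (rows, unparsed); unparsed counts timestamps that did not form a
    complete row, so a regex miss shows up instead of silently dropping rows."""
    rows = []
    for m in ENTRY_RE.finditer(text):
        row = m.groupdict()
        row["when"] = datetime.strptime(row["time"], "%m/%d/%Y %I:%M:%S %p")
        row["action"] = row["action"] or "(none)"
        row["user"] = row["user"] or "(none)"
        rows.append(row)
    unparsed = len(TIME_RE.findall(text)) - len(rows)
    return rows, unparsed


def summarise(rows):
    """Aggregate rows the way a triager reads them: what, how often, when, and
    whether any detection ever pointed at a file on disk."""
    whens = [r["when"] for r in rows]
    return {
        "total": len(rows),
        "threats": sorted({r["threat"] for r in rows}),
        "by_action": dict(Counter(r["action"] for r in rows)),
        "by_day": dict(Counter(r["when"].strftime("%Y-%m-%d") for r in rows)),
        "memory_only": all(r["objtype"] == "operating memory" for r in rows),
        "first_seen": min(whens).isoformat(sep=" ") if whens else None,
        "last_seen": max(whens).isoformat(sep=" ") if whens else None,
    }


if __name__ == "__main__":
    run_together = " ".join(SAMPLE_ESET_LOG.split())   # mimic the posted form
    rows, unparsed = parse_eset_log(run_together)
    summary = summarise(rows)
    print(f"{summary['total']} rows parsed, {unparsed} unparsed")
    for key, value in summary.items():
        print(f"  {key}: {value}")
```

Run over the full posted log, the summary shows the last detection at 12:41:24 PM on 12/26/2010, the day the poster ran TDSSKiller, and nothing after it. A detection that is only ever made in memory and that the scanner cannot clean points to a component the file scanner does not see on disk, which is why the thread moved to a rootkit-aware tool instead of repeating the NOD32 scan.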
29-12-2010, 17:17
Post: #8
RE: nod32 says win32/olmarik trojan-unable to clean
Glad I could help.
If you want, you can run ComboFix again and post the log.
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?
30-12-2010, 08:31
Post: #9
RE: nod32 says win32/olmarik trojan-unable to clean
My computer is working well as usual and the message or notification does not come now, thanks for that.
Also, I had installed ComboFix earlier after reading on some sites, so is there a problem? How do I uninstall it, and should I delete those TDSSKiller files?
(29-12-2010 17:17) Marckie wrote: Glad I could help.
30-12-2010, 17:09
Post: #10
RE: nod32 says win32/olmarik trojan-unable to clean
Go to Start - Run and type the text below:
comboFix /uninstall
Hit Enter. This will uninstall ComboFix. You may delete TDSSKiller and the logs.
Microsoft MVP - Consumer Security
Sometimes you can't make it on your own
Spyware, malware - How do I get rid of it?