Posted: 08 Oct 2009 11:55
- Prdex
- New MyCity citizen
- Joined: 04 Aug 2008
- Posts: 10
After two weeks of googling and installing and uninstalling every possible kind of program, I have to present my problem here as well, so maybe someone manages to help me.
It's a virus on an MP3 player: Bv:AutoRun-S[Wrm] in the Autorun.inf file
and Win32.Trojan-Gen in I:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
The virus has blocked the MP3 player so that:
nothing can be deleted from it,
nothing can be copied to it,
it can't be formatted,
the firmware can't be updated,
and none of this can be done from Windows, Safe Mode or Linux, nor with specialized USB formatting programs, nor with Hiren's BootCD.
I have used all the best-known antivirus and anti-malware programs and cleaned the computer, but I can't do anything about the MP3 player. When I plugged in an ordinary USB stick, Avast reported the same viruses on it too, but unlike with the MP3 player it removed them successfully and I later formatted the stick without any problems.
I'd ask someone to help me;
I'll post whatever logs you ask for.
Thanks in advance
Regards
Posted: 08 Oct 2009 13:33
- Prdex
- New MyCity citizen
- Joined: 04 Aug 2008
- Posts: 10
Sorry, here it is:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Zoki at 12:38:21.68 on 08/10/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.909 [GMT 2:00]
AV: avast! antivirus 4.8.1356 [VPS 091007-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Di recnik\Di.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Zoki\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No File
BHO: WitBHO Class: {75ed56af-4dc9-4243-a30c-4ef4dd0ca28f} - c:\documents and settings\zoki\appdata\locallow\chameleontom for ie\wit4ie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E33CF602-D945-461A-83F0-819F76A199F8} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Di dictionary] "c:\program files\di recnik\Di.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tvcapt~1.lnk - c:\program files\easy\tv capture\RemoteCtl.exe
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download with Free Download Manager
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Translate with Di dictionary -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\zoki\applic~1\mozilla\firefox\profiles\ks404qre.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-17 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2006-2-23 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-1 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2008-10-16 13696]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-1 138680]
R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2008-11-4 266180]
R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [2008-11-4 18944]
R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [2008-11-4 13308]
S2 mssoapr32;Microsoft Soap Resource DLL;rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr --> rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-1 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-1 352920]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-6-18 12672]
=============== Created Last 30 ================
2009-10-08 11:06 <DIR> --dsh--- C:\Diskeeper
2009-10-06 12:11 <DIR> a-dshr-- C:\cmdcons
2009-10-06 10:52 <DIR> --d----- c:\documents and settings\zoki\DoctorWeb
2009-10-05 15:09 <DIR> --ds---- c:\documents and settings\zoki\UserData
2009-09-30 19:05 <DIR> --d----- c:\program files\AVG
2009-09-30 19:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-09-30 18:52 <DIR> --d----- c:\docume~1\zoki\applic~1\AVG8
2009-09-30 18:12 <DIR> --d----- c:\windows\ERUNT
2009-09-30 16:40 <DIR> --d----- C:\autorun.inf
2009-09-30 14:29 <DIR> --d----- C:\Kamicak
==================== Find3M ====================
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-31 08:35 3,001 a--sh--- c:\documents and settings\zoki\ppUser.dat
2009-03-13 13:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-03-13 13:06 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
============= FINISH: 12:38:42.62 ===============
Posted: 08 Oct 2009 13:54
- diarno
- Anti Malware Fighter, Rank 2
- Joined: 15 Jun 2007
- Posts: 5572
Download sUBs' ComboFix from the following address to the Desktop:
Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.
When the download is finished:
- disable your security software (instructions);
- close any running programs;
- double-click to run ComboFix.
While it runs, ComboFix will:
- check whether a newer version of the program exists: click Yes if it offers to download it;
- display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- ask a number of questions / show notifications: accept by clicking Yes or OK;
- restart Windows if needed (possibly several times);
- at the end, open Notepad with the scan report.
Copy the report ComboFix produced into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the highlighted text and choose Copy;
- right-click in the message box and choose Paste.
Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.
- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one by one into the USB slot and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we'll need that information later.
- When you've finished with all the devices, right-click in the middle of the program window and choose Save log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.
Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. That includes USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
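As an added example (not from this thread and not USBNoRisk's own code), a read-only Python scanner that applies the checks the USBNoRisk step above performs to a mounted volume: root autorun.inf and the files it references, a Recycler subfolder whose SID-like name cannot be a real SID (the S-5-3-42-... path from the first post), loadable files dropped in it, and whether autorun.inf can be opened for writing. The sample volume it builds is constructed; the autorun.inf content is invented, since the thread never shows it.

```python
import os
import re
import tempfile

# A Windows SID is S-<revision>-<authority>-<subauthorities...> and the revision
# is always 1, so a Recycler subfolder named S-5-3-42-... (the path in the first
# post) cannot belong to any real account.
SID_LIKE = re.compile(r"^S-(\d+)-\d+(?:-\d+)+$", re.IGNORECASE)

# Keys in [autorun] that name something to execute or load.
AUTORUN_KEY = re.compile(
    r"^\s*(open|shellexecute|icon|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE,
)

# Files that do not belong in a Recycler SID folder (only INFO2 and Dc*.ext live there).
SUSPECT_EXT = (".vmx", ".dll", ".exe", ".scr", ".com")


def autorun_references(path):
    """Return (key, target) pairs from the [autorun] section of an autorun.inf.

    A tolerant line parser is used on purpose: autorun.inf files dropped by
    worms are often padded with binary junk around the real section, which
    makes configparser give up. Bytes are decoded as latin-1 so nothing raises.
    """
    refs = []
    in_section = False
    with open(path, "rb") as fh:
        for raw in fh.read().split(b"\n"):
            line = raw.decode("latin-1").strip("\r ")
            if line.startswith("[") and line.endswith("]"):
                in_section = line.lower() == "[autorun]"
                continue
            match = AUTORUN_KEY.match(line) if in_section else None
            if match:
                refs.append((match.group(1).lower(), match.group(2)))
    return refs


def can_open_for_write(path):
    """False when the file is locked or read-only (the symptom USBNoRisk reported)."""
    try:
        with open(path, "r+b"):
            return True
    except OSError:
        return False


def scan_volume(root):
    """Read-only checks on one mounted volume; returns (finding, detail) pairs."""
    findings = []
    autorun = os.path.join(root, "autorun.inf")
    if os.path.isfile(autorun):
        findings.append(("autorun.inf present", autorun))
        for key, target in autorun_references(autorun):
            findings.append(("autorun.inf references", f"{key}={target}"))
        if not can_open_for_write(autorun):
            findings.append(("autorun.inf locked or read-only", autorun))
    for name in ("RECYCLER", "RECYCLED", "$Recycle.Bin"):
        rdir = os.path.join(root, name)
        if not os.path.isdir(rdir):
            continue
        for sub in os.listdir(rdir):
            subdir = os.path.join(rdir, sub)
            match = SID_LIKE.match(sub)
            if not (match and os.path.isdir(subdir)):
                continue
            if match.group(1) != "1":
                findings.append(("Recycler folder with impossible SID name", subdir))
            for fname in os.listdir(subdir):
                if fname.lower().endswith(SUSPECT_EXT):
                    findings.append(("loadable file in Recycler SID folder",
                                     os.path.join(subdir, fname)))
    return findings


def build_sample_volume():
    """Constructed sample laid out like the infected player in the first post.

    The autorun.inf content is invented (the thread never shows it); only the
    RECYCLER path and the file name come from the post.
    """
    root = tempfile.mkdtemp(prefix="mp3_sample_")
    drop_dir = os.path.join(
        root, "RECYCLER", "S-5-3-42-2819952290-8240758988-879315005-3665")
    os.makedirs(drop_dir)
    with open(os.path.join(drop_dir, "jwgkvsq.vmx"), "wb") as fh:
        fh.write(b"placeholder, not a real binary")
    with open(os.path.join(root, "autorun.inf"), "wb") as fh:
        fh.write(
            b"\x00\xff\xfe junk padding before the real section\r\n"
            b"[AutoRun]\r\n"
            b"open=RECYCLER\\S-5-3-42-2819952290-8240758988-879315005-3665\\jwgkvsq.vmx\r\n"
            b"icon=%SystemRoot%\\system32\\shell32.dll,4\r\n"
        )
    return root


if __name__ == "__main__":
    for kind, detail in scan_volume(build_sample_volume()):
        print(f"{kind}: {detail}")
```

Point scan_volume at a mounted drive letter or mount point to run it against real media; it never renames or deletes anything.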
Posted: 08 Oct 2009 14:13
- Prdex
- New MyCity citizen
- Joined: 04 Aug 2008
- Posts: 10
ComboFix 09-10-07.02 - Zoki 08/10/2009 13:57.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.973 [GMT 2:00]
Running from: c:\documents and settings\Zoki\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091007-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.
2009-10-08 09:06 . 2009-10-08 09:06 -------- d-----w- C:\Diskeeper
2009-10-06 08:52 . 2009-10-06 08:52 -------- d-----w- c:\documents and settings\Zoki\DoctorWeb
2009-10-05 13:09 . 2009-10-05 13:09 -------- d-s---w- c:\documents and settings\Zoki\UserData
2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-10-02 14:28 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-01 18:36 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-01 18:36 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-01 18:36 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-01 18:36 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-01 18:36 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-01 18:36 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-01 18:36 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-01 18:36 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-01 18:35 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-30 17:05 . 2009-10-01 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-30 17:05 . 2009-09-30 17:05 -------- d-----w- c:\program files\AVG
2009-09-30 16:52 . 2009-09-30 16:52 -------- d-----w- c:\documents and settings\Zoki\Application Data\AVG8
2009-09-30 16:12 . 2009-09-30 16:12 -------- d-----w- c:\windows\ERUNT
2009-09-30 13:27 . 2009-09-30 13:27 -------- d-----w- c:\program files\Alwil Software
2009-09-30 12:29 . 2009-10-08 11:40 -------- d-----w- C:\Kamicak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 12:01 . 2009-02-02 11:29 -------- d-----w- c:\documents and settings\Zoki\Application Data\uTorrent
2009-10-08 09:02 . 2008-10-16 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 13:38 . 2008-10-30 16:44 -------- d-----w- c:\program files\Google
2009-09-30 12:43 . 2009-06-15 08:04 -------- d-----w- c:\program files\FDN
2009-09-30 12:42 . 2009-06-13 09:15 -------- d-----w- c:\program files\Software Informer
2009-09-29 14:00 . 2008-10-29 10:22 -------- d-----w- c:\program files\Winamp
2009-09-28 09:59 . 2009-02-17 18:37 -------- d-----w- c:\program files\Lavasoft
2009-09-28 09:42 . 2009-03-31 16:45 -------- d-----w- c:\program files\Total Video Converter
2009-09-28 09:42 . 2008-10-29 13:18 -------- d-----w- c:\program files\Tame
2009-09-28 09:40 . 2009-06-29 13:29 -------- d-----w- c:\program files\ChameleonTom for IE
2009-09-28 06:19 . 2009-02-18 07:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-26 16:56 . 2009-02-17 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2009-02-17 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-02-17 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 06:35 . 2008-10-30 15:46 3001 --sha-w- c:\documents and settings\Zoki\ppUser.dat
2009-08-06 06:28 . 2009-07-28 15:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-20 113664]
TV Capture Remote Control.lnk - c:\program files\Easy\TV Capture\RemoteCtl.exe [2008-11-4 143360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4676:TCP"= 4676:TCP:bvcsoube
"7657:TCP"= 7657:TCP:messenger
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 20:38 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2006 11:39 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/10/2009 20:36 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/10/2008 16:27 13696]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/10/2009 20:36 20560]
R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [04/11/2008 18:22 266180]
R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [04/11/2008 18:32 18944]
R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [04/11/2008 18:27 13308]
S2 mssoapr32;Microsoft Soap Resource DLL;rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr --> rundll32.exe c:\windows\system32\mssoapr32.dll,ilyr [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [18/06/2009 15:47 12672]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KWPCYFOD
*Deregistered* - kwpcyfod
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fhhozvgr
.
.
------- Supplementary Scan -------
.
uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download with Free Download Manager
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Zoki\Application Data\Mozilla\Firefox\Profiles\ks404qre.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Notify-avgrsstarter - (no file)
Notify-klogon - (no file)
Notify-mssoapr32 - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-08 14:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*&*a"\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%(*L*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%(*L*\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2328-)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-08 14:04
ComboFix-quarantined-files.txt 2009-10-08 12:04
Pre-Run: 1,050,488,832 bytes free
Post-Run: 1,026,744,320 bytes free
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 08/10/2009 14:07:51
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
D: {4dc3ec66-6ec5-11dd-8c29-806d6172696f}
E: {4dc3ec67-6ec5-11dd-8c29-806d6172696f}
G: {4dc3ec69-6ec5-11dd-8c29-806d6172696f}
C: {4dc3ec6b-6ec5-11dd-8c29-806d6172696f}
F: {4dc3ec6c-6ec5-11dd-8c29-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 4dc3ec6b-6ec5-11dd-8c29-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 4dc3ec66-6ec5-11dd-8c29-806d6172696f
----------------------------------------
Desktop.ini found at D:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 4dc3ec67-6ec5-11dd-8c29-806d6172696f
----------------------------------------
Desktop.ini found at E:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 4dc3ec6c-6ec5-11dd-8c29-806d6172696f
No Desktop.ini files found on F:
----------------------------------------
No blocked files found on G:
No Autorun.inf files found on G:
No mountpoint found for G:
No mountpoint found for 4dc3ec69-6ec5-11dd-8c29-806d6172696f
No Desktop.ini files found on G:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 08/10/2009 14:08:01
Scanning for connected USB mass storage...
----------------------------------------
I: {ab91eca6-283a-11de-a608-00e04d1aafe2}
Added I:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
autorun.inf found on I:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file I:\autorun.inf
Content of I:\autorun.inf
----------------------------------------
----------------------------------------
Files referenced from I:\autorun.inf
----------------------------------------
None
----------------------------------------
Sanitized mountpoint for ab91eca6-283a-11de-a608-00e04d1aafe2
----------------------------------------
No Desktop.ini files found on I:
----------------------------------------
No mimics found on drive I:
========================================
Posted: 09 Oct 2009 08:30
- Prdex
- New MyCity citizen
- Joined: 04 Aug 2008
- Posts: 10
ComboFix 09-10-07.05 - Zoki 09/10/2009 8:13.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1046 [GMT 2:00]
Running from: c:\documents and settings\Zoki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zoki\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091008-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\mssoapr32.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSOAPR32
-------\Service_mssoapr32
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.
2009-10-08 12:08 . 2009-10-08 12:09 -------- d-----w- C:\USBNoRisk
2009-10-08 09:06 . 2009-10-08 09:06 -------- d-----w- C:\Diskeeper
2009-10-06 08:52 . 2009-10-06 08:52 -------- d-----w- c:\documents and settings\Zoki\DoctorWeb
2009-10-05 13:09 . 2009-10-05 13:09 -------- d-s---w- c:\documents and settings\Zoki\UserData
2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-10-02 14:28 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-01 18:36 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-01 18:36 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-01 18:36 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-01 18:36 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-01 18:36 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-01 18:36 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-01 18:36 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-01 18:36 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-01 18:35 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-30 17:05 . 2009-10-01 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-30 17:05 . 2009-09-30 17:05 -------- d-----w- c:\program files\AVG
2009-09-30 16:52 . 2009-09-30 16:52 -------- d-----w- c:\documents and settings\Zoki\Application Data\AVG8
2009-09-30 16:12 . 2009-09-30 16:12 -------- d-----w- c:\windows\ERUNT
2009-09-30 13:27 . 2009-09-30 13:27 -------- d-----w- c:\program files\Alwil Software
2009-09-30 12:29 . 2009-10-09 06:10 -------- d-----w- C:\Kamicak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 06:17 . 2009-02-02 11:29 -------- d-----w- c:\documents and settings\Zoki\Application Data\uTorrent
2009-10-08 09:02 . 2008-10-16 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 13:38 . 2008-10-30 16:44 -------- d-----w- c:\program files\Google
2009-09-30 12:43 . 2009-06-15 08:04 -------- d-----w- c:\program files\FDN
2009-09-30 12:42 . 2009-06-13 09:15 -------- d-----w- c:\program files\Software Informer
2009-09-29 14:00 . 2008-10-29 10:22 -------- d-----w- c:\program files\Winamp
2009-09-28 09:59 . 2009-02-17 18:37 -------- d-----w- c:\program files\Lavasoft
2009-09-28 09:42 . 2009-03-31 16:45 -------- d-----w- c:\program files\Total Video Converter
2009-09-28 09:42 . 2008-10-29 13:18 -------- d-----w- c:\program files\Tame
2009-09-28 09:40 . 2009-06-29 13:29 -------- d-----w- c:\program files\ChameleonTom for IE
2009-09-28 06:19 . 2009-02-18 07:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-26 16:56 . 2009-02-17 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2009-02-17 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-02-17 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 06:35 . 2008-10-30 15:46 3001 --sha-w- c:\documents and settings\Zoki\ppUser.dat
2009-08-06 06:28 . 2009-07-28 15:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-10-08_12.02.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-30 16:21 . 2009-10-09 06:19 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-30 16:21 . 2009-10-08 09:31 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-09 06:18 . 2009-10-09 06:18 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2009-10-09 06:19 . 2009-10-09 06:19 16384 c:\windows\Temp\Perflib_Perfdata_4cc.dat
+ 2009-10-09 06:19 . 2009-10-09 06:19 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
+ 2009-10-09 06:00 . 2009-10-09 06:19 32768 c:\windows\Temp\History\History.IE5\MSHist012009100920091010\index.dat
- 2009-09-30 16:21 . 2009-10-08 09:31 32768 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-09-30 16:21 . 2009-10-09 06:19 32768 c:\windows\Temp\History\History.IE5\index.dat
+ 2009-09-30 16:21 . 2009-10-09 06:19 16384 c:\windows\Temp\Cookies\index.dat
- 2009-09-30 16:21 . 2009-10-08 09:31 16384 c:\windows\Temp\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-20 113664]
TV Capture Remote Control.lnk - c:\program files\Easy\TV Capture\RemoteCtl.exe [2008-11-4 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\klogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mssoapr32]
[BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 20:38 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2006 11:39 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/10/2009 20:36 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/10/2008 16:27 13696]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/10/2009 20:36 20560]
R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [04/11/2008 18:22 266180]
R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [04/11/2008 18:32 18944]
R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [04/11/2008 18:27 13308]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [18/06/2009 15:47 12672]
.
.
------- Supplementary Scan -------
.
uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download with Free Download Manager
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Zoki\Application Data\Mozilla\Firefox\Profiles\ks404qre.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-09 08:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*&*a"\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%(*L*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%(*L*\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3908-)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CNAB4RPK.EXE
.
**************************************************************************
.
Completion time: 2009-10-09 8:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 06:23
ComboFix2.txt 2009-10-08 12:04
Pre-Run: 1,071,980,544 bytes free
Post-Run: 972,156,928 bytes free
191
The antivirus was also switched off the first time I ran USBNORISK, but here it is again:
USBNoRisk 2.5 (26 July 2009) by bobby
Started at 09/10/2009 08:25:28
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
D: {4dc3ec66-6ec5-11dd-8c29-806d6172696f}
E: {4dc3ec67-6ec5-11dd-8c29-806d6172696f}
G: {4dc3ec69-6ec5-11dd-8c29-806d6172696f}
C: {4dc3ec6b-6ec5-11dd-8c29-806d6172696f}
F: {4dc3ec6c-6ec5-11dd-8c29-806d6172696f}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 4dc3ec6b-6ec5-11dd-8c29-806d6172696f
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 4dc3ec66-6ec5-11dd-8c29-806d6172696f
----------------------------------------
Desktop.ini found at D:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
No blocked files found on E:
No Autorun.inf files found on E:
No mountpoint found for E:
No mountpoint found for 4dc3ec67-6ec5-11dd-8c29-806d6172696f
----------------------------------------
Desktop.ini found at E:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
No blocked files found on F:
No Autorun.inf files found on F:
No mountpoint found for F:
No mountpoint found for 4dc3ec6c-6ec5-11dd-8c29-806d6172696f
No Desktop.ini files found on F:
----------------------------------------
No blocked files found on G:
No Autorun.inf files found on G:
No mountpoint found for G:
No mountpoint found for 4dc3ec69-6ec5-11dd-8c29-806d6172696f
No Desktop.ini files found on G:
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 09/10/2009 08:25:38
Scanning for connected USB mass storage...
----------------------------------------
I: {ab91eca6-283a-11de-a608-00e04d1aafe2}
Added I:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on I:
----------------------------------------
autorun.inf found on I:
----------------------------------------
File lock detected:
USBNoRisk cannot find what locked the file
Error renaming file I:\autorun.inf
Content of I:\autorun.inf
----------------------------------------
----------------------------------------
Files referenced from I:\autorun.inf
----------------------------------------
None
----------------------------------------
Sanitized mountpoint for ab91eca6-283a-11de-a608-00e04d1aafe2
----------------------------------------
No Desktop.ini files found on I:
----------------------------------------
No mimics found on drive I:
========================================
Posted: 12 Oct 2009 15:33
offline
- Prdex
- New MyCity citizen
- Joined: 04 Aug 2008
- Posts: 10
ComboFix 09-10-11.03 - Zoki 12/10/2009 15:14.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1108 [GMT 2:00]
Running from: c:\documents and settings\Zoki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zoki\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1356 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.
2009-10-10 16:09 . 2009-10-10 16:09 -------- d-----w- C:\Diskeeper
2009-10-10 16:01 . 2009-10-10 17:24 360224 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-10 16:01 . 2009-10-10 17:24 14624 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-10-10 15:39 . 2009-10-10 16:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-10-10 15:39 . 2009-10-10 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-10 15:39 . 2009-10-10 15:39 -------- d-----w- c:\program files\ParetoLogic
2009-10-10 15:39 . 2009-10-10 15:39 -------- d-----w- c:\documents and settings\Zoki\Local Settings\Application Data\Downloaded Installations
2009-10-10 14:27 . 2009-10-10 14:39 -------- d-----w- C:\SDFix
2009-10-08 12:08 . 2009-10-09 06:26 -------- d-----w- C:\USBNoRisk
2009-10-06 08:52 . 2009-10-06 08:52 -------- d-----w- c:\documents and settings\Zoki\DoctorWeb
2009-10-05 13:09 . 2009-10-05 13:09 -------- d-s---w- c:\documents and settings\Zoki\UserData
2009-10-02 17:48 . 2009-10-02 17:48 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-10-02 14:28 . 2009-10-02 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-01 18:36 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-01 18:36 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-01 18:36 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-01 18:36 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-01 18:36 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-01 18:36 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-01 18:36 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-01 18:36 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-01 18:35 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-30 17:05 . 2009-10-01 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-30 17:05 . 2009-09-30 17:05 -------- d-----w- c:\program files\AVG
2009-09-30 16:52 . 2009-09-30 16:52 -------- d-----w- c:\documents and settings\Zoki\Application Data\AVG8
2009-09-30 16:12 . 2009-09-30 16:12 -------- d-----w- c:\windows\ERUNT
2009-09-30 13:27 . 2009-09-30 13:27 -------- d-----w- c:\program files\Alwil Software
2009-09-30 12:29 . 2009-10-12 13:07 -------- d-----w- C:\Kamicak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 13:09 . 2008-12-15 09:31 -------- d-----w- c:\program files\Di recnik
2009-10-12 13:07 . 2009-02-02 11:29 -------- d-----w- c:\documents and settings\Zoki\Application Data\uTorrent
2009-10-10 17:24 . 2009-10-10 16:01 7988 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-10 17:24 . 2009-10-10 16:01 3488 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-08 09:02 . 2008-10-16 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 13:38 . 2008-10-30 16:44 -------- d-----w- c:\program files\Google
2009-09-30 12:43 . 2009-06-15 08:04 -------- d-----w- c:\program files\FDN
2009-09-30 12:42 . 2009-06-13 09:15 -------- d-----w- c:\program files\Software Informer
2009-09-29 14:00 . 2008-10-29 10:22 -------- d-----w- c:\program files\Winamp
2009-09-28 09:59 . 2009-02-17 18:37 -------- d-----w- c:\program files\Lavasoft
2009-09-28 09:42 . 2009-03-31 16:45 -------- d-----w- c:\program files\Total Video Converter
2009-09-28 09:42 . 2008-10-29 13:18 -------- d-----w- c:\program files\Tame
2009-09-28 09:40 . 2009-06-29 13:29 -------- d-----w- c:\program files\ChameleonTom for IE
2009-09-28 06:19 . 2009-02-18 07:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-26 16:56 . 2009-02-17 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 12:54 . 2009-02-17 18:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-02-17 18:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-31 06:35 . 2008-10-30 15:46 3001 --sha-w- c:\documents and settings\Zoki\ppUser.dat
2009-08-06 06:28 . 2009-07-28 15:23 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-10-08_12.02.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-12 13:08 . 2009-10-12 13:08 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
+ 2009-10-12 13:08 . 2009-10-12 13:08 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
+ 2009-10-10 14:30 . 2009-10-10 14:30 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
- 2009-09-30 16:12 . 2009-09-30 16:12 8192 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-10-10 14:30 . 2009-10-10 14:30 606208 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2009-02-22 5668864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-15 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-27 198160]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-19 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-20 113664]
TV Capture Remote Control.lnk - c:\program files\Easy\TV Capture\RemoteCtl.exe [2008-11-4 143360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/02/2009 20:38 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23/02/2006 11:39 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [01/10/2009 20:36 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16/10/2008 16:27 13696]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 13:03 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/10/2009 20:36 20560]
R2 BT848;MPEG.TV, WDM Video Capture;c:\windows\system32\drivers\BT848.sys [04/11/2008 18:22 266180]
R2 BTTUNER;MPEG.TV, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [04/11/2008 18:32 18944]
R2 BTXBAR;MPEG.TV, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [04/11/2008 18:27 13308]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [18/06/2009 15:47 12672]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = 83.136.178.141/users/login.aspx?random=633900252707696000
IE: Download all with Free Download Manager
IE: Download selected with Free Download Manager
IE: Download with Free Download Manager
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Zoki\Application Data\Mozilla\Firefox\Profiles\ks404qre.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
.
- - - - ORPHANS REMOVED - - - -
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-10-12 15:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*w*&*a"\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%(*L*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-1659004503-299502267-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%(*L*\OpenWithList]
@Class="Shell"
"a"="firefox.exe"
"MRUList"="a"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-12 15:21
ComboFix-quarantined-files.txt 2009-10-12 13:20
ComboFix2.txt 2009-10-08 12:04
Pre-Run: 1,111,367,680 bytes free
Post-Run: 1,132,896,256 bytes free
167
Unfortunately, the situation is unchanged.