offline
- Hm....?!
- Građanin
- Pridružio: 23 Jul 2008
- Poruke: 216
- Gde živiš: Pomoravlje
|
ComboFix 09-06-29.04 - Korisnik 06/30/2009 18:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1666 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Korisnik\Application Data\.#
c:\documents and settings\Korisnik\Application Data\inst.exe
c:\program files\ThunMail
c:\windows\system32\drivers\gaopdxbaqbrntn.sys
c:\windows\system32\drivers\gaopdxbavbdmta.sys
c:\windows\system32\drivers\gaopdxbpjdsxwn.sys
c:\windows\system32\drivers\gaopdxcpjejlys.sys
c:\windows\system32\drivers\gaopdxejbgixjo.sys
c:\windows\system32\drivers\gaopdxfvakdpat.sys
c:\windows\system32\drivers\gaopdxhyubqhkw.sys
c:\windows\system32\drivers\gaopdxidoyybiv.sys
c:\windows\system32\drivers\gaopdxipxjyebi.sys
c:\windows\system32\drivers\gaopdxjwqvdktu.sys
c:\windows\system32\drivers\gaopdxlqbuyfwb.sys
c:\windows\system32\drivers\gaopdxppppnsxo.sys
c:\windows\system32\drivers\gaopdxrvxfnxml.sys
c:\windows\system32\drivers\gaopdxtfqpappk.sys
c:\windows\system32\drivers\gaopdxulvkyxjx.sys
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekasdjbimps.sys
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\gaopdxcntoriqo.dll
c:\windows\system32\senekabrfvkhaq.dat
c:\windows\system32\senekacfjdajiq.dat
c:\windows\system32\senekanvymetob.dll
c:\windows\system32\senekaotnippkv.dll
c:\windows\system32\senekaowbsdpaa.db
c:\windows\system32\senekashcbmilt.dll
c:\windows\system32\senekaxnxtetcm.dll
c:\windows\system32\service-466.exe
c:\windows\system32\vic_setup.exe
c:\windows\system32\vp_setup.exe
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Service_SENEKA
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.
2009-06-30 15:42 . 2009-06-30 15:42 -------- d-----w- c:\program files\Trend Micro
2009-06-30 10:26 . 2009-06-30 10:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-30 10:26 . 2009-06-30 10:26 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Google
2009-06-30 10:23 . 2009-06-30 14:28 -------- d-----w- c:\program files\Google
2009-06-30 10:14 . 2009-06-30 10:14 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\ESET
2009-06-30 09:44 . 2009-06-30 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-23 12:58 . 2007-11-28 17:51 40960 ----a-w- c:\windows\system32\lxdnvs.dll
2009-06-23 12:58 . 2008-02-15 04:52 348160 ----a-w- c:\windows\system32\lxdncoin.dll
2009-06-23 12:58 . 2007-11-21 00:02 782336 ----a-w- c:\windows\system32\lxdndrs.dll
2009-06-23 12:58 . 2007-11-20 23:44 81920 ----a-w- c:\windows\system32\lxdncaps.dll
2009-06-23 12:58 . 2007-10-02 22:51 69632 ----a-w- c:\windows\system32\lxdncnv4.dll
2009-06-23 08:45 . 2009-06-25 13:53 -------- d-----w- c:\program files\Folder Lock 6
2009-06-23 08:38 . 2009-06-23 08:38 -------- d-----w- C:\logs
2009-06-23 08:35 . 2009-06-23 08:35 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-06-23 08:35 . 2009-06-23 08:35 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-06-23 08:35 . 2009-06-23 08:35 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-06-23 08:35 . 2009-06-23 08:43 -------- d-----w- c:\program files\uy
2009-06-11 15:07 . 2009-06-11 15:07 152576 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-07 11:38 . 2009-06-07 11:38 -------- d-----w- c:\program files\Convert VOB to AVI
2009-06-07 09:52 . 2009-06-07 09:52 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Lexmark Productivity Studio
2009-06-07 09:45 . 2009-06-07 09:45 -------- d-----w- c:\program files\Lexmark Toolbar
2009-06-04 13:39 . 2009-06-27 18:50 -------- d-----w- c:\documents and settings\All Users\Lx_cats
2009-06-04 13:39 . 2008-04-13 22:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-04 13:39 . 2008-04-13 22:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-04 13:38 . 2001-08-17 20:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-06-04 13:38 . 2001-08-17 20:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-06-04 13:38 . 2007-11-01 14:33 12288 ----a-w- c:\windows\system32\LXF3PMRC.DLL
2009-06-04 13:38 . 2007-05-02 02:05 98345 ----a-w- c:\windows\system32\IMHOST32.DLL
2009-06-04 13:38 . 2007-05-02 02:05 339968 ----a-w- c:\windows\system32\IMGMAN32.DLL
2009-06-04 13:38 . 2009-06-04 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\FaxCtr
2009-06-04 13:35 . 2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-04 13:35 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 09:58 . 2009-03-22 18:35 -------- d-----w- c:\program files\Eset
2009-06-30 09:43 . 2009-01-14 19:02 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2009-06-23 13:01 . 2009-06-23 12:57 -------- d-----w- c:\program files\Lexmark 2600 Series
2009-06-23 08:15 . 2009-01-23 13:58 -------- d-----w- c:\program files\Everstrike Software
2009-06-23 08:14 . 2009-01-15 14:06 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Vso
2009-06-23 08:14 . 2009-01-15 14:06 47360 ----a-w- c:\documents and settings\Korisnik\Application Data\pcouffin.sys
2009-06-23 08:14 . 2009-01-15 14:06 47360 ----a-w- c:\documents and settings\Korisnik\Application Data\pcouffin.sys
2009-06-11 15:07 . 2009-01-17 17:19 -------- d-----w- c:\program files\Java
2009-06-04 14:35 . 2009-06-04 14:35 842192 ----a-w- c:\documents and settings\All Users\SPL156.tmp
2009-06-04 14:12 . 2008-08-06 11:07 -------- d-----w- c:\program files\Realtek
2009-06-04 14:12 . 2009-01-27 17:01 -------- d-----w- c:\program files\Mv2Player
2009-06-04 14:12 . 2008-08-06 11:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 14:11 . 2008-08-06 11:34 -------- d-----w- c:\program files\BSPLAYER
2009-06-04 14:11 . 2009-01-17 22:56 -------- d-----w- c:\program files\AtomixMP3
2009-05-21 09:33 . 2009-01-17 17:19 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-27 12:47 . 2009-04-27 12:47 530 ----a-w- c:\windows\eReg.dat
2009-04-17 22:01 . 2009-04-17 21:46 110592 ----a-w- c:\windows\system32\winsetup66.exe
2009-04-17 20:03 . 2009-04-17 20:03 152576 ----a-w- c:\documents and settings\Korisnik\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-03 18:56 . 2009-04-03 18:08 131072 ----a-w- c:\windows\system32\winsetup63.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"srpskey"="c:\windows\SYSTEM32\SRPSKEY.EXE" [2009-01-15 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Java S1"="\\?\globalroot\systemroot\system32\mschr.exe" [?]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [6/23/2009 10:35 AM 10752]
S2 gupdate1c9f96d31693620;Google Update Service (gupdate1c9f96d31693620);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2009 12:26 PM 133104]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [6/23/2009 2:58 PM 98984]
.
Contents of the 'Scheduled Tasks' folder
2009-06-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-30 10:26]
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-svc - c:\program files\ThunMail\testabd.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bsplayer-search.com/startpage
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open using &Advanced JPEG Compressor - c:\program files\Advanced JPEG Compressor\ajcieex.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 18:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Korisnik\LOCALS~1\Temp\Perflib_Perfdata_25c.dat 0 bytes
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\documents and settings\Korisnik\Application Data\systemfl.$dk 990 bytes
scan completed successfully
hidden files: 4
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1482476501-1580818891-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D8E5740B-DF24-472A-F1F6-C34BFEEEDBC8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oapfaihdnagdojpekffkaikjdkebfc"=hex:64,61,61,69,64,68,70,69,00,e0
"oadgalhikjbichpgfpebgmmppbojgj"=hex:6a,61,61,69,6a,66,6a,6c,6d,6c,69,6b,64,6d,
70,65,6f,6f,63,6c,00,fd
"nabhgjbdaehnglcjkkgjfkfjehld"=hex:69,61,70,68,67,69,6b,6d,6c,6f,69,6c,68,6c,
65,68,70,66,00,00
"ealgaijbco"=hex:61,61,00,00
"cacgcm"=hex:65,61,67,65,6b,61,6a,63,6d,6b,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(768-)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3648-)
c:\windows\SYSTEM32\srpskeyh5.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Lexmark 2600 Series\lxdnmsdmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-30 18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 16:25
Pre-Run: 21,671,919,616 bytes free
Post-Run: 27,384,709,120 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
228
|
Kada preuzimanje programa bude završeno:
