Please help!!!

  • Joined: 15 Oct 2008
  • Posts: 35

Yesterday I was downloading some files from rapidshare and caught some nasty virus...
First I tried Kaspersky Internet Security, updated and licensed, and it failed to remove the virus... After that I tried to find out which virus it was with the kaspersky.com online scanner, but again nothing: it shows the computer is clean, while in fact the computer is in chaos.... I couldn't access Task Manager or Control Panel, and in the bottom right corner it said VIRUS ALERT.... I saw that Kaspersky was no use, so I switched to Symantec Norton 360, and of course that didn't work either... In the end I got rid of the virus with the help of some cleaning programs a buddy sent me, namely pcps-cleaner; I heard of it for the first time yesterday, but that doesn't matter, because I got rid of the virus! But now a new problem has appeared: I can only get on the internet through IE! Firefox doesn't work, nor do limewire, various updates and the like... so I'd like to know what the problem is??? Is it a consequence of the virus??? I think I need to set something, but I don't know what! I tried turning off the firewall, but it didn't help. PLS HELP!

  • Civil Works Team Leader @ IKEA Centres Russia
  • Joined: 22 Jun 2005
  • Posts: 7912
  • Location: Moscow, Russia

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

It says "Important", with the title "HOW TO OPEN A TOPIC IN THE AMBULANTA" in red letters, and still it isn't read and isn't followed... Let's go slowly from the beginning, following the instructions in that topic.

  • Joined: 15 Oct 2008
  • Posts: 35

Sorry I didn't read the instructions... logfile...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:39 AM, on 10/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\tr3.exe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: rosqxvmn - {E01D0ACE-25AC-4353-87EF-6CB2B368E3C7} - C:\WINDOWS\rosqxvmn.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [14d6fec2] rundll32.exe "C:\WINDOWS\system32\qfstraqm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB4295] command /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9585] cmd /c del "C:\WINDOWS\system32\smp\msrc.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4517] command /c del "C:\WINDOWS\system32\vjiujhip.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8303] cmd /c del "C:\WINDOWS\system32\vjiujhip.dll_old"
O4 - HKLM\..\Policies\Explorer\Run: [ngNaqSJuHW] C:\Documents and Settings\All Users\Application Data\vwlerqxo\fcdmzihw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: qrbgltos - {9F3B4420-3B40-49AB-8239-64F13E143FDA} - C:\WINDOWS\qrbgltos.dll (file missing)
O21 - SSODL: ngwstxfd - {1BC7C9C7-60AF-4D3D-8555-CD5E296CA7F0} - C:\WINDOWS\ngwstxfd.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5948 bytes

Update: 16 Oct 2008 11:59

By the way, I have a 512 kbps internet connection.

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


To begin with, restart the computer so that SpyBot can finish its work.

Also, the hijackthis.exe file itself needs to be renamed, to e.g. tr3.exe.

After that, post a fresh log made in Normal Mode.

  • Joined: 15 Oct 2008
  • Posts: 35

Here is the new logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44, on 10/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Nikola\Desktop\tr3.exe\tr3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59EFB415-E66A-4FF5-B39E-C12F26A9C7FD} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {603A29A9-CC90-4854-9218-D79057B533B1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {84A46358-4001-4E42-A966-A3CAC5F91716} - (no file)
O2 - BHO: (no name) - {8B6DE410-E959-477F-9F7D-D56274B110FD} - C:\WINDOWS\system32\tuvwtqqN.dll
O2 - BHO: (no name) - {B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - C:\WINDOWS\system32\pmnnOIcb.dll
O2 - BHO: (no name) - {FBA4A71A-6C3D-46DA-BF19-0A463282C4F9} - (no file)
O3 - Toolbar: rosqxvmn - {E01D0ACE-25AC-4353-87EF-6CB2B368E3C7} - C:\WINDOWS\rosqxvmn.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [14d6fec2] rundll32.exe "C:\WINDOWS\system32\qfstraqm.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ngNaqSJuHW] C:\Documents and Settings\All Users\Application Data\vwlerqxo\fcdmzihw.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: pmnnOIcb - C:\WINDOWS\SYSTEM32\pmnnOIcb.dll
O20 - Winlogon Notify: tuvWPiGa - tuvWPiGa.dll (file missing)
O21 - SSODL: qrbgltos - {9F3B4420-3B40-49AB-8239-64F13E143FDA} - C:\WINDOWS\qrbgltos.dll (file missing)
O21 - SSODL: ngwstxfd - {1BC7C9C7-60AF-4D3D-8555-CD5E296CA7F0} - C:\WINDOWS\ngwstxfd.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7642 bytes


but some new problems have appeared...

1. I can't get on the internet even with IE! (when I go into safe mode, I can get on the internet)
2. when I use the computer for a while in normal mode, the whole screen goes blue and the computer restarts (this has never happened before)
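A triage pass over the load points that the log above exposes, as an added example that is not part of this thread and not code from Trend Micro or HijackThis. It embeds a constructed sample made of lines copied from the posted log plus a few benign entries (SDHelper, NvCpl, TeaTimer, nvsvc32) that the rules must leave alone. The heuristics (orphaned entries, O20/O21 hooks, the Policies\Explorer\Run key, rundll32 calling a DLL by a one-letter export, an auto-started executable under All Users\Application Data, vowel-poor 8-letter names like qfstraqm) are rules of thumb drawn from this infection, not a HijackThis feature, and the name rule is deliberately weak so it only adds weight to entries other rules already catch.

```python
"""Triage helper for a HijackThis v2 log (added example; not part of the
thread above and not HijackThis's own code).  Reports load points that
deserve a manual look, using heuristics taken from the posted infection."""
import re

# Constructed sample: entries copied from the posted log, plus benign ones
# (SDHelper, NvCpl, TeaTimer, nvsvc32) that the heuristics must not flag.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {59EFB415-E66A-4FF5-B39E-C12F26A9C7FD} - (no file)
O2 - BHO: (no name) - {8B6DE410-E959-477F-9F7D-D56274B110FD} - C:\WINDOWS\system32\tuvwtqqN.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: rosqxvmn - {E01D0ACE-25AC-4353-87EF-6CB2B368E3C7} - C:\WINDOWS\rosqxvmn.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [14d6fec2] rundll32.exe "C:\WINDOWS\system32\qfstraqm.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [ngNaqSJuHW] C:\Documents and Settings\All Users\Application Data\vwlerqxo\fcdmzihw.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - Winlogon Notify: pmnnOIcb - C:\WINDOWS\SYSTEM32\pmnnOIcb.dll
O21 - SSODL: qrbgltos - {9F3B4420-3B40-49AB-8239-64F13E143FDA} - C:\WINDOWS\qrbgltos.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

VOWELS = set("aeiouAEIOU")
ENTRY_RE = re.compile(r"([RFO]\d+) - (.*)")          # "O4 - ..." style line
FILE_RE = re.compile(r'([^\\\s"]+)\.(?:dll|exe)\b', re.I)   # bare file stem
# rundll32 handed a quoted DLL and a one- or two-character export name (",b")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"[^"]+\.dll",\s*\w{1,2}\b', re.I)


def looks_generated(stem):
    """Weak signal: exactly 8 letters with fewer than two vowels, the shape
    of qfstraqm / ngwstxfd above.  SDHelper (2 vowels) stays unflagged."""
    return len(stem) == 8 and stem.isalpha() and sum(c in VOWELS for c in stem) < 2


def triage(log_text):
    """Return [(section, entry, [reasons])] for every entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned load point: the target file is gone")
        if section in ("O20", "O21"):
            reasons.append(section + ": Winlogon Notify / SSODL hook, loaded into every logon")
        if section == "O6":
            reasons.append("IE policy restrictions set; explains a locked-down browser")
        if "Policies\\Explorer\\Run" in body:
            reasons.append("Policies\\Explorer\\Run key, rarely used by legitimate software")
        if RUNDLL_RE.search(body):
            reasons.append("rundll32 loading a DLL by a terse export name")
        if "\\All Users\\Application Data\\" in body and body.lower().endswith(".exe"):
            reasons.append("auto-started executable living under All Users\\Application Data")
        for stem in FILE_RE.findall(body):
            if looks_generated(stem):
                reasons.append("generated-looking file name: " + stem)
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, entry, reasons in triage(SAMPLE_LOG):
        print(section, entry)
        for reason in reasons:
            print("    -", reason)
```

Run it as a script to see the eight flagged entries from the sample; feed it a full log with `triage(open("hijackthis.log").read())`. The point of keeping the name rule weak is that it never flags a line on its own unless the name is as vowel-starved as the ones in this log; everything else is flagged by where it loads from, which is what a human reviewer keys on too.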

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

And why don't you have an antivirus installed?




Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • Joined: 15 Oct 2008
  • Posts: 35

I don't have an antivirus because I completely lost my mind....
I cleaned the computer with three antiviruses, namely:

1 Kaspersky Internet Security 2009
2 Kaspersky Antivirus 2009
3 Symantec Norton 360

and currently I have AVG... it's the only one that found some viruses, but it didn't help

Update: 16 Oct 2008 23:14

ComboFix 08-10-16.01 - Nikola 2008-10-16 22:54:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1608 [GMT 2:00]
Running from: E:\Download\KASPERSKYYY\new\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Nikola\services.exe
C:\Documents and Settings\Nikola\Start Menu\Programs\PlayMP3z
C:\Documents and Settings\Nikola\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BM17e5cd5e.txt
C:\WINDOWS\BM17e5cd5e.xml
C:\WINDOWS\emsf.exe
C:\WINDOWS\grfxbanoros.dll
C:\WINDOWS\install.exe
C:\WINDOWS\system32\bJRuutwa.ini
C:\WINDOWS\system32\bJRuutwa.ini2
C:\WINDOWS\system32\dgQYcfii.ini
C:\WINDOWS\system32\dgQYcfii.ini2
C:\WINDOWS\system32\dyqsfkux.ini
C:\WINDOWS\system32\EMmmSvut.ini
C:\WINDOWS\system32\EMmmSvut.ini2
C:\WINDOWS\system32\ewdfweed.ini
C:\WINDOWS\system32\fcflpkfr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJCVpOi.dll
C:\WINDOWS\system32\mqartsfq.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nmhhssyn.ini
C:\WINDOWS\system32\Nqqtwvut.ini
C:\WINDOWS\system32\Nqqtwvut.ini2
C:\WINDOWS\system32\pihjuijv.ini
C:\WINDOWS\system32\pmnnOIcb.dll
C:\WINDOWS\system32\qfstraqm.dll
C:\WINDOWS\system32\tuvwtqqN.dll
C:\WINDOWS\system32\tyxdffhx.ini
C:\WINDOWS\system32\wlnaqxkq.ini

----- BITS: Possible infected sites -----

hxxp://www.graboid.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.

2008-10-15 00:26 . 2008-10-15 00:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-10-14 23:40 . 2008-10-14 23:40 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Grisoft
2008-10-14 23:40 . 2008-10-14 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-14 23:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-14 22:43 . 2008-10-14 22:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-14 22:43 . 2008-10-14 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 20:50 . 2008-10-14 20:50 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-14 20:50 . 2008-10-14 20:50 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-14 20:27 . 2008-10-14 22:20 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Lavasoft
2008-10-14 13:50 . 2008-10-14 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 13:23 . 2008-10-14 13:26 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 13:23 . 2008-10-14 13:26 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 13:23 . 2008-10-14 13:26 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 13:23 . 2008-10-14 13:26 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 13:22 . 2008-10-14 20:25 <DIR> d-------- C:\Program Files\Symantec
2008-10-14 13:22 . 2008-10-14 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-14 13:12 . 2008-10-14 20:25 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-14 13:12 . 2008-10-14 14:19 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Symantec
2008-10-14 00:58 . 2008-10-14 00:58 392 --a------ C:\WINDOWS\system32\%LocalXml%
2008-10-13 23:34 . 2008-10-13 23:51 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Kaspersky_Key_Finder_(KKF
2008-10-13 22:28 . 2008-10-13 23:29 <DIR> d-------- C:\Program Files\Avira
2008-10-13 22:28 . 2008-10-13 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- C:\Program Files\Panda Software
2008-10-13 20:56 . 2008-10-13 20:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-13 20:39 . 2008-10-14 19:00 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-13 20:34 . 2008-10-13 19:50 86,016 --a------ C:\WINDOWS\lomxeqsn.exe
2008-10-13 20:33 . 2008-10-13 20:33 <DIR> d-------- C:\Grizli777
2008-10-13 20:33 . 2008-10-13 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vwlerqxo
2008-10-12 18:22 . 2008-10-12 18:22 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\GarageGames
2008-10-11 17:08 . 2008-10-11 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Launcher
2008-10-11 15:49 . 2008-10-11 15:49 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-11 15:49 . 2008-10-14 20:24 <DIR> d-------- C:\Program Files\Graboid
2008-10-11 15:49 . 2008-10-11 15:49 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\vlc
2008-10-11 15:49 . 2008-10-11 17:09 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\MozillaControl
2008-10-11 15:49 . 2008-10-11 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-10-05 18:26 . 2008-10-12 16:17 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\mIRC
2008-10-05 18:25 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-10-05 18:25 . 2004-12-10 10:47 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-10-04 19:24 . 2008-10-04 19:24 25 --a------ C:\WINDOWS\cdplayer.ini
2008-10-04 19:23 . 2008-10-04 19:23 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-04 19:22 . 2008-10-04 19:22 <DIR> d-------- C:\Program Files\Real
2008-10-04 19:22 . 2008-10-04 19:23 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-19 19:54 . 2008-10-14 21:15 <DIR> d-------- C:\Program Files\Counter-Strike
2008-09-17 23:54 . 2008-09-17 23:54 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 17:06 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Canon
2008-10-15 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-14 21:04 --------- d-----w C:\Documents and Settings\Nikola\Application Data\LimeWire
2008-10-14 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-14 18:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-14 18:26 --------- d-----w C:\Program Files\Yahoo!
2008-10-14 18:24 --------- d-----w C:\Program Files\Google
2008-10-14 18:24 --------- d-----w C:\Program Files\FlashGet
2008-10-13 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-13 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-04 17:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-04 00:34 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Skype
2008-10-04 00:14 --------- d-----w C:\Documents and Settings\Nikola\Application Data\skypePM
2008-09-30 18:36 --------- d-----w C:\Program Files\Garena
2008-09-30 16:57 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Yahoo!
2008-09-07 23:17 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-07 23:16 --------- d-----w C:\Program Files\Makayama
2008-09-07 22:42 --------- d-----w C:\Program Files\Sony Ericsson
2008-09-07 22:42 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-09-07 16:22 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Ubisoft
2008-09-07 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-09-07 13:05 --------- d-----w C:\Program Files\Sony
2008-09-07 13:05 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Sony
2008-09-07 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-09-07 12:53 --------- d-----w C:\Program Files\QuickTime
2008-09-07 12:53 --------- d-----w C:\Program Files\Apple Software Update
2008-09-07 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-07 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-07 12:46 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Sony Setup
2008-09-07 12:45 --------- d-----w C:\Program Files\Sony Setup
2008-09-04 23:48 --------- d-----w C:\Documents and Settings\Nikola\Application Data\NSeries
2008-09-04 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-04 23:45 --------- d-----w C:\Program Files\Nokia
2008-09-04 23:45 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-04 23:45 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Nokia
2008-09-04 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-09-04 23:43 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-04 23:43 --------- d-----w C:\Program Files\DIFX
2008-09-04 23:43 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-04 23:43 --------- d-----w C:\Documents and Settings\Nikola\Application Data\PC Suite
2008-09-03 07:09 --------- d-----w C:\Program Files\AliveMedia
2008-09-02 09:00 --------- d-----w C:\Program Files\LimeWire
2008-09-02 05:29 --------- d-----w C:\Program Files\SOLLAB
2008-08-29 19:46 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Hide IP NG
2008-08-29 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-29 07:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 07:07 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Uniblue
2008-08-20 13:35 --------- d-----w C:\Program Files\Common Files\NSV
2008-08-20 13:33 --------- d-----w C:\Program Files\Winamp
2008-08-20 13:33 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Winamp
2008-08-20 07:04 --------- d-----w C:\Program Files\Skype
2008-08-20 07:04 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-20 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-19 11:43 --------- d-----w C:\Program Files\Avanquest update
2008-08-19 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
.

------- Sigcheck -------

2008-01-13 08:22 502272 6e8ca4fcb30282f216f5db9dd58a5f81 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 8429568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-05-11 00:03 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-08-14 08:00 16050176 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"mW[íľˆÖ¾`=ľú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛąÞ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"E:\\Games\\asasin creed\\rld-acrr\\rld-acrr\\111\\AssassinsCreed_Dx9.exe"=
"E:\\Games\\asasin creed\\rld-acrr\\rld-acrr\\111\\AssassinsCreed_Dx10.exe"=
"E:\\Games\\asasin creed\\rld-acrr\\rld-acrr\\111\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-13 13352]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-15 C:\WINDOWS\Tasks\At1.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At10.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-15 C:\WINDOWS\Tasks\At11.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-15 C:\WINDOWS\Tasks\At12.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-16 C:\WINDOWS\Tasks\At13.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-16 C:\WINDOWS\Tasks\At14.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-14 C:\WINDOWS\Tasks\At15.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-14 C:\WINDOWS\Tasks\At16.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-14 C:\WINDOWS\Tasks\At17.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At18.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At19.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-15 C:\WINDOWS\Tasks\At2.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-14 C:\WINDOWS\Tasks\At20.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-16 C:\WINDOWS\Tasks\At21.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-16 C:\WINDOWS\Tasks\At22.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-15 C:\WINDOWS\Tasks\At23.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-16 C:\WINDOWS\Tasks\At24.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At3.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At4.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At5.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At6.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At7.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At8.job
- C:\WINDOWS\system32\0WT45RLj.exe []

2008-10-13 C:\WINDOWS\Tasks\At9.job
- C:\WINDOWS\system32\0WT45RLj.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{59EFB415-E66A-4FF5-B39E-C12F26A9C7FD} - (no file)
BHO-{603A29A9-CC90-4854-9218-D79057B533B1} - (no file)
BHO-{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - C:\WINDOWS\system32\pmnnOIcb.dll
BHO-{D9D5E220-59D2-42B6-A894-08E83E989A3F} - C:\WINDOWS\system32\tuvwtqqN.dll
BHO-{FBA4A71A-6C3D-46DA-BF19-0A463282C4F9} - (no file)
HKLM-Run-14d6fec2 - C:\WINDOWS\system32\qfstraqm.dll
HKLM-Explorer_Run-ngNaqSJuHW - C:\Documents and Settings\All Users\Application Data\vwlerqxo\fcdmzihw.exe
ShellExecuteHooks-{B2ADB537-AFF6-4D72-BA77-DA012A6FDEA6} - C:\WINDOWS\system32\pmnnOIcb.dll
SSODL-qrbgltos-{9F3B4420-3B40-49AB-8239-64F13E143FDA} - C:\WINDOWS\qrbgltos.dll
SSODL-ngwstxfd-{1BC7C9C7-60AF-4D3D-8555-CD5E296CA7F0} - C:\WINDOWS\ngwstxfd.dll
Notify-tuvWPiGa - tuvWPiGa.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nikola\Application Data\Mozilla\Firefox\Profiles\i4l9jwi8.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF -: plugin - C:\Documents and Settings\Nikola\Application Data\Mozilla\Firefox\Profiles\i4l9jwi8.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-16 22:58:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-16 23:01:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-16 21:00:59

Pre-Run: 10,108,076,032 bytes free
Post-Run: 10,364,334,080 bytes free

315 --- E O F --- 2008-05-29 18:45:07

What next?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
C:\Grizli777
C:\Documents and Settings\All Users\Application Data\vwlerqxo

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"mW[íľ�ˆÖ¾`=ľú¾˜v%S8’ÿÙêé>grl>�Ý\†Ð=ŸàÛąÞ"=-


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.

Post in your next message the log that is produced at the end of the cleaning/scan.
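An added worked example for the triage and CFScript steps above (it is not part of this thread, not dr_Bora's script and not ComboFix's own code). It parses a ComboFix-style log, flags the indicators this log showed (a run of At<N>.job tasks sharing one target with no file stamp, EnableFirewall=0 plus an unknown value name stuffed into the firewall profile key, and Security Center *DisableNotify values), and assembles File::/Folder::/Registry:: text in the layout used above. Assumptions: SAMPLE_LOG is constructed from lines quoted in the thread; `mW[garbled-stand-in]` is a printable stand-in for the binary value name in the real log; treating the parent folder of an orphaned Explorer_Run payload as a Folder:: entry mirrors what was done here and is a heuristic, not a ComboFix rule.

```python
"""Triage a ComboFix log for the persistence indicators seen in this thread and
emit the matching CFScript text (File:: / Folder:: / Registry:: sections).

Added example; not ComboFix's code and not the script posted in the thread.
SAMPLE_LOG is constructed to mirror lines quoted above; the value name
"mW[garbled-stand-in]" stands in for the unprintable one in the real log.
"""
import re
from pathlib import PureWindowsPath

# Constructed: 24 At<N>.job entries sharing one target with no file stamp.
_TASKS = "\n".join(
    f"2008-10-15 C:\\WINDOWS\\Tasks\\At{i}.job\n- C:\\WINDOWS\\system32\\0WT45RLj.exe []\n"
    for i in range(1, 25)
)
SAMPLE_LOG = (
    "[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]\n"
    '"EnableFirewall"= 0 (0x0)\n'
    '"DisableNotifications"= 1 (0x1)\n'
    '"mW[garbled-stand-in]"=\n\n'
    "[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]\n"
    '"AntiVirusDisableNotify"=dword:00000001\n\n'
    "Contents of the 'Scheduled Tasks' folder\n\n"
    "2008-10-15 C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job\n"
    "- C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe [2008-04-11 17:57]\n\n"
    + _TASKS
    + ".\n- - - - ORPHANS REMOVED - - - -\n\n"
    "BHO-{59EFB415-E66A-4FF5-B39E-C12F26A9C7FD} - (no file)\n"
    "HKLM-Explorer_Run-ngNaqSJuHW - C:\\Documents and Settings\\All Users"
    "\\Application Data\\vwlerqxo\\fcdmzihw.exe\n"
)

FIREWALL_KEY = "HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile"
KNOWN_FW_VALUES = {"EnableFirewall", "DisableNotifications", "DoNotAllowExceptions"}
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (\S+\.job)\n- (.+?) \[(.*?)\]$", re.M)
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)   # job names that at.exe assigns
ORPHAN_RE = re.compile(r"^HKLM-Explorer_Run-\S+ - (.+)$", re.M)
SECTION_RE = re.compile(r'^\[(.+?)\]\n((?:".*\n?)*)', re.M)
VALUE_RE = re.compile(r'^"(.*?)"=\s*(.*)$')


def suspicious_tasks(log):
    """At<N>.job entries whose target has no file stamp ("[]"): ComboFix could
    not stat the binary, and a run of them on one target is hourly persistence."""
    return [(job, target) for job, target, stamp in TASK_RE.findall(log)
            if AT_JOB_RE.search(job) and stamp == ""]


def registry_sections(log):
    """Map registry key -> {value name: raw data} from the loading-points dump."""
    out = {}
    for key, body in SECTION_RE.findall(log):
        vals = {}
        for line in body.splitlines():
            m = VALUE_RE.match(line)
            if m:
                vals[m.group(1)] = m.group(2)
        out[key] = vals
    return out


def registry_findings(log):
    """Firewall off, foreign value names in the firewall profile key, and
    Security Center notification suppression."""
    secs = registry_sections(log)
    findings = []
    fw = secs.get(FIREWALL_KEY, {})
    if fw.get("EnableFirewall", "").startswith("0"):
        findings.append("windows firewall disabled (EnableFirewall=0)")
    for name in fw:
        if name not in KNOWN_FW_VALUES:
            findings.append(f"unexpected value in firewall profile key: {name!r}")
    for key, vals in secs.items():
        if key.lower().endswith("security center"):
            for name, raw in vals.items():
                if name.endswith("DisableNotify") and raw.endswith("1"):
                    findings.append(f"security center notification suppressed: {name}")
    return findings


def orphan_dirs(log):
    """Parent folder of each orphaned Explorer_Run payload under Application Data.
    Heuristic (an assumption) mirroring the Folder:: entry used in the thread."""
    dirs = []
    for path in ORPHAN_RE.findall(log):
        p = PureWindowsPath(path)
        if "Application Data" in p.parts:
            dirs.append(str(p.parent))
    return dirs


def build_cfscript(log):
    """Assemble CFScript text; '"name"=-' is the delete-value syntax used above."""
    files = sorted({job for job, _ in suspicious_tasks(log)})
    folders = sorted(set(orphan_dirs(log)))
    fw = registry_sections(log).get(FIREWALL_KEY, {})
    junk = sorted(n for n in fw if n not in KNOWN_FW_VALUES)
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    if junk:
        parts.append("Registry::\n[" + FIREWALL_KEY + "]\n"
                     + "\n".join(f'"{n}"=-' for n in junk))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    for finding in registry_findings(SAMPLE_LOG):
        print("finding:", finding)
    print(build_cfscript(SAMPLE_LOG))
```

On the sample the generated text matches the CFScript posted above apart from the stand-in value name and C:\WINDOWS\lomxeqsn.exe, which this log excerpt does not contain. Treat the output as a draft for review: whether a folder ComboFix lists as the source of an orphaned run entry should be deleted is still a judgement call.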

  • Joined: 15 Oct 2008
  • Posts: 35

Latest log...

ComboFix 08-10-16.01 - Nikola 2008-10-17 18:26:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1628 [GMT 2:00]
Running from: C:\Documents and Settings\Nikola\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikola\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\vwlerqxo
C:\Grizli777
C:\Grizli777\Adobe Photoshop CS4 beta 01\4000005700003i\mDNSResponder.exe
C:\Grizli777\Adobe Photoshop CS4 beta 01\Registry.rw.lck
C:\Grizli777\Adobe Photoshop CS4 beta 01\Registry.rw.tvr
C:\Grizli777\Adobe Photoshop CS4 beta 01\Registry.tvr.backup
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-09-17 to 2008-10-17 )))))))))))))))))))))))))))))))
.

2008-10-15 00:26 . 2008-10-15 00:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-10-14 23:40 . 2008-10-14 23:40 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Grisoft
2008-10-14 23:40 . 2008-10-14 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-14 23:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-10-14 22:43 . 2008-10-14 22:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-14 22:43 . 2008-10-14 22:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-14 20:50 . 2008-10-14 20:50 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-14 20:50 . 2008-10-14 20:50 <DIR> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-14 20:27 . 2008-10-14 22:20 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Lavasoft
2008-10-14 13:50 . 2008-10-14 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-14 13:23 . 2008-10-14 13:26 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-14 13:23 . 2008-10-14 13:26 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-14 13:23 . 2008-10-14 13:26 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-14 13:23 . 2008-10-14 13:26 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-14 13:22 . 2008-10-14 20:25 <DIR> d-------- C:\Program Files\Symantec
2008-10-14 13:22 . 2008-10-14 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-14 13:12 . 2008-10-14 20:25 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-14 13:12 . 2008-10-14 14:19 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Symantec
2008-10-14 00:58 . 2008-10-14 00:58 392 --a------ C:\WINDOWS\system32\%LocalXml%
2008-10-13 23:34 . 2008-10-13 23:51 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Kaspersky_Key_Finder_(KKF
2008-10-13 22:28 . 2008-10-13 23:29 <DIR> d-------- C:\Program Files\Avira
2008-10-13 22:28 . 2008-10-13 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-13 21:46 . 2008-10-13 21:46 <DIR> d-------- C:\Program Files\Panda Software
2008-10-13 20:56 . 2008-10-13 20:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-13 20:39 . 2008-10-14 19:00 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-12 18:22 . 2008-10-12 18:22 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\GarageGames
2008-10-11 17:08 . 2008-10-11 17:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Launcher
2008-10-11 15:49 . 2008-10-11 15:49 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-11 15:49 . 2008-10-14 20:24 <DIR> d-------- C:\Program Files\Graboid
2008-10-11 15:49 . 2008-10-11 15:49 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\vlc
2008-10-11 15:49 . 2008-10-11 17:09 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\MozillaControl
2008-10-11 15:49 . 2008-10-11 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-10-05 18:26 . 2008-10-12 16:17 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\mIRC
2008-10-05 18:25 . 2004-12-10 10:06 327,680 --a------ C:\WINDOWS\system32\vp6dec.ax
2008-10-05 18:25 . 2004-12-10 10:47 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-10-04 19:24 . 2008-10-04 19:24 25 --a------ C:\WINDOWS\cdplayer.ini
2008-10-04 19:23 . 2008-10-04 19:23 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-10-04 19:22 . 2008-10-04 19:22 <DIR> d-------- C:\Program Files\Real
2008-10-04 19:22 . 2008-10-04 19:23 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-19 19:54 . 2008-10-14 21:15 <DIR> d-------- C:\Program Files\Counter-Strike
2008-09-17 23:54 . 2008-09-17 23:54 <DIR> d-------- C:\Documents and Settings\Nikola\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 17:06 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Canon
2008-10-15 17:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-14 21:04 --------- d-----w C:\Documents and Settings\Nikola\Application Data\LimeWire
2008-10-14 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-14 18:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-14 18:26 --------- d-----w C:\Program Files\Yahoo!
2008-10-14 18:24 --------- d-----w C:\Program Files\Google
2008-10-14 18:24 --------- d-----w C:\Program Files\FlashGet
2008-10-13 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-13 20:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-10-04 17:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-10-04 00:34 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Skype
2008-10-04 00:14 --------- d-----w C:\Documents and Settings\Nikola\Application Data\skypePM
2008-09-30 18:36 --------- d-----w C:\Program Files\Garena
2008-09-30 16:57 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Yahoo!
2008-09-07 23:17 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-07 23:16 --------- d-----w C:\Program Files\Makayama
2008-09-07 22:42 --------- d-----w C:\Program Files\Sony Ericsson
2008-09-07 22:42 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-09-07 16:22 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Ubisoft
2008-09-07 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-09-07 13:05 --------- d-----w C:\Program Files\Sony
2008-09-07 13:05 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Sony
2008-09-07 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-09-07 12:53 --------- d-----w C:\Program Files\QuickTime
2008-09-07 12:53 --------- d-----w C:\Program Files\Apple Software Update
2008-09-07 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-07 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-09-07 12:46 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Sony Setup
2008-09-07 12:45 --------- d-----w C:\Program Files\Sony Setup
2008-09-04 23:48 --------- d-----w C:\Documents and Settings\Nikola\Application Data\NSeries
2008-09-04 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-04 23:45 --------- d-----w C:\Program Files\Nokia
2008-09-04 23:45 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-04 23:45 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Nokia
2008-09-04 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-09-04 23:43 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-04 23:43 --------- d-----w C:\Program Files\DIFX
2008-09-04 23:43 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-09-04 23:43 --------- d-----w C:\Documents and Settings\Nikola\Application Data\PC Suite
2008-09-03 07:09 --------- d-----w C:\Program Files\AliveMedia
2008-09-02 09:00 --------- d-----w C:\Program Files\LimeWire
2008-09-02 05:29 --------- d-----w C:\Program Files\SOLLAB
2008-08-29 19:46 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Hide IP NG
2008-08-29 07:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-29 07:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 07:07 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Uniblue
2008-08-20 13:35 --------- d-----w C:\Program Files\Common Files\NSV
2008-08-20 13:33 --------- d-----w C:\Program Files\Winamp
2008-08-20 13:33 --------- d-----w C:\Documents and Settings\Nikola\Application Data\Winamp
2008-08-20 07:04 --------- d-----w C:\Program Files\Skype
2008-08-20 07:04 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-20 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-19 11:43 --------- d-----w C:\Program Files\Avanquest update
2008-08-19 09:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
.

------- Sigcheck -------

2008-01-13 08:22 502272 6e8ca4fcb30282f216f5db9dd58a5f81 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 8429568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-05-11 00:03 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 12:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-08-14 08:00 16050176 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"mW[íľˆÖ¾`=ľú¾˜v%S8’ÿÙêé>grl>­Ý\†Ð=ŸàÛąÞ"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"E:\\Games\\asasin creed\\rld-acrr\\rld-acrr\\111\\AssassinsCreed_Dx9.exe"=
"E:\\Games\\asasin creed\\rld-acrr\\rld-acrr\\111\\AssassinsCreed_Dx10.exe"=
"E:\\Games\\asasin creed\\rld-acrr\\rld-acrr\\111\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-13 13352]
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-17 18:27:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-17 18:28:44
ComboFix-quarantined-files.txt 2008-10-17 16:28:39
ComboFix2.txt 2008-10-16 21:01:02

Pre-Run: 10,279,739,392 bytes free
Post-Run: 10,397,364,224 bytes free

249 --- E O F --- 2008-05-29 18:45:07

Next step?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download the following file to the Desktop:
https://www.mycity.rs/must-login.png

Double-click it; a black window will open briefly.

In the same folder from which you ran the file from the link above, a file named list.txt will be created; attach that file using the "Attach file" (Prikači fajl) option.
