Poslao: 24 Jan 2008 09:09
|
offline
- TeoDos
- Građanin
- Pridružio: 23 Jan 2008
- Poruke: 65
- Gde živiš: Beograd
|
Kao sto i sam naziv kaze, Avast mi je od juce poceo da nalazi ovog trojanca. Svaki put sam ga obrisao ali vidim da se generise.
Izvestaj Hijackthis-a:
Logfile of HijackThis v1.99.1
Scan saved at 8:57:27, on 24.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WinSnap\WinSnap.exe
D:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\sistray.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\PopTray\PopTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MANAGER\Desktop\Skeniranje\TR3.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2423041F-8B96-4280-95DC-709250944B8D} - C:\WINDOWS\system32\iifcayv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinSnap] D:\Program Files\WinSnap\WinSnap.exe /startup
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.deltabanka.rs/RetailDLL/FSINT.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - online.deltabanka.rs/RetailDLL/EBCCDC2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F5D6F2B-3763-4341-8C1D-A42ECF7D9244}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F5D6F2B-3763-4341-8C1D-A42ECF7D9244}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - D:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Racunar koristi vise nas i moja sumnja je da je "navucen" preko MsnMessenger-a.
U prilogu stavljam i fotku iz Avast loga-a.
Unapred se zahvaljujem na pomoci i izvinjavam ako tema vec postoji. Ja je nisam pronasao.
|
|
|
|
Poslao: 24 Jan 2008 10:56
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8620
- Gde živiš: Novi Beograd
|
Skini VundoFix:
http://www.atribune.org/ccount/click.php?id=4
* Dvoklikom se startuje fajl VundoFix.exe.
* Izabere opcija Scan for Vundo.
* Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK.
* Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo.
* Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes.
* Pokretanje ove opcije učiniće Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a.
* Po završetku, pojaviće se obaveštenje o gašnjenju računara, klikne se OK.
* Uključi se računar i podigne sistem iznova.
* Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.
Dopuna: 24 Jan 2008 10:56
Posto link za download VundoFix-a ne radi.Pokusacemo sledece:
Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.
|
|
|
|
Poslao: 24 Jan 2008 12:41
|
offline
- TeoDos
- Građanin
- Pridružio: 23 Jan 2008
- Poruke: 65
- Gde živiš: Beograd
|
Drugar mi je poslao VundoFix tako da upravo skeniram sa istim. Cim zavrsi postavljam logove od njega i HijackThis-a.
Dopuna: 24 Jan 2008 12:41
Ovako stoje stvari:
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 11:13:10 24.1.2008
Listing files found while scanning....
C:\WINDOWS\system32\iifcayv.dll
C:\WINDOWS\system32\sstqr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifcayv.dll
C:\WINDOWS\system32\iifcayv.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\sstqr.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifcayv.dll
C:\WINDOWS\system32\iifcayv.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.7.7
Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 11:53:11 24.1.2008
Listing files found while scanning....
C:\WINDOWS\system32\iifcayv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifcayv.dll
C:\WINDOWS\system32\iifcayv.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\iifcayv.dll
C:\WINDOWS\system32\iifcayv.dll Could not be deleted.
Performing Repairs to the registry.
Done!
i
Logfile of HijackThis v1.99.1
Scan saved at 12:37:49, on 24.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\a-squared Free\a2service.exe
D:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\WinSnap\WinSnap.exe
D:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\sistray.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\PopTray\PopTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MANAGER\Desktop\Skeniranje\TR3.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2423041F-8B96-4280-95DC-709250944B8D} - C:\WINDOWS\system32\iifcayv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinSnap] D:\Program Files\WinSnap\WinSnap.exe /startup
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.deltabanka.rs/RetailDLL/FSINT.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.deltabanka.rs/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EA5E79E5-3E25-46DA-A519-F8FC52B66ADC} (SecAPI Class) - online.deltabanka.rs/RetailDLL/EBCCDC2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F5D6F2B-3763-4341-8C1D-A42ECF7D9244}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F5D6F2B-3763-4341-8C1D-A42ECF7D9244}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - D:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
Kako dalje?
|
|
|
|
|
Poslao: 24 Jan 2008 14:07
|
offline
- TeoDos
- Građanin
- Pridružio: 23 Jan 2008
- Poruke: 65
- Gde živiš: Beograd
|
Stizeeee: ;-)
ComboFix 08-01-23.2 - MANAGER 2008-01-24 13:51:31.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.442 [GMT 1:00]
Running from: D:\Svastara-FireFox\ComboFix(3).exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\iifcayv.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.
2008-01-24 12:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 11:13 . 2008-01-24 12:08 <DIR> d-------- C:\VundoFix Backups
2008-01-23 09:57 . 2008-01-23 10:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 11:29 . 2008-01-21 11:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-10 11:39 . 2008-01-23 15:11 1,736 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-09 14:32 . 2008-01-09 14:32 0 --a------ C:\LOG47.tmp
2008-01-09 11:01 . 2008-01-09 11:01 0 --a------ C:\LOG132.tmp
2008-01-09 08:43 . 2008-01-09 08:43 <DIR> d-------- C:\Desktop
2008-01-09 08:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 08:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-25 15:25 . 2004-11-30 13:10 44,163 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2007-12-25 12:03 . 2008-01-08 08:43 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-25 12:02 . 2008-01-09 12:29 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-25 12:02 . 2008-01-09 12:28 45,056 --a------ C:\WINDOWS\gtwatch .exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 09:43 --------- d-----w C:\Program Files\SmartFTP Setup Files
2007-12-20 09:43 --------- d-----w C:\Program Files\SmartFTP
2007-12-19 11:27 155,648 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-12-19 09:53 --------- d-----w C:\Program Files\Windows Live
2007-12-19 09:51 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 09:33 --------- d-----w C:\Program Files\Rapidown
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
.
<pre>
----a-w 79,224 2008-01-08 07:43:38 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w 180,269 2008-01-09 11:29:01 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 98,304 2008-01-09 11:29:06 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
----a-w 132,496 2008-01-09 11:28:56 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 45,056 2008-01-09 11:28:59 C:\WINDOWS\gtwatch .exe
----a-w 15,360 2008-01-08 07:43:53 C:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2008-01-09 11:29:04 C:\WINDOWS\system32\NeroCheck .exe
</pre>
((((((((((((((((((((((((((((( snapshot@2008-01-24_12.48.07,62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-24 12:01:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"WinSnap"="D:\Program Files\WinSnap\WinSnap.exe" [2006-09-12 00:06 137216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-10-21 12:51 49152 C:\WINDOWS\system32\SiSPower.dll]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
C:\Documents and Settings\MANAGER\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-01 12:17:35 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - D:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 13:30:00 565309]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-04-06 08:22:03 262144]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-09-22 16:44]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 15:01]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2003-04-18 06:15]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 GT681x;%GrandTechICNameNT%;C:\WINDOWS\system32\DRIVERS\GT681x.SYS []
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a95054-be86-11dc-8772-003005bb818d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 14:00:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-24 13:53:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
|
|
|
|
Poslao: 24 Jan 2008 19:33
|
offline
- helen1
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Avg 2005
- Poruke: 8620
- Gde živiš: Novi Beograd
|
Otvoriti Notepad i iskopirati sledeci tekst:
RenV::
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\gtwatch .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\NeroCheck .exe
DirLook::
C:\Desktop
Snimiti na Desktop fajl iz Notepada kao "CFScript"
Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.
|
|
|
|
Poslao: 25 Jan 2008 09:36
|
offline
- TeoDos
- Građanin
- Pridružio: 23 Jan 2008
- Poruke: 65
- Gde živiš: Beograd
|
Odradio sam sve po uputstvu i evo izvestaja:
ComboFix 08-01-23.2 - MANAGER 2008-01-25 9:14:16.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.387 [GMT 1:00]
Running from: C:\Documents and Settings\MANAGER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MANAGER\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\iifcayv.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.
2008-01-24 12:42 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 11:13 . 2008-01-24 12:08 <DIR> d-------- C:\VundoFix Backups
2008-01-23 09:57 . 2008-01-23 10:27 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-21 11:29 . 2008-01-21 11:29 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-10 11:39 . 2008-01-23 15:11 1,736 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-09 14:32 . 2008-01-09 14:32 0 --a------ C:\LOG47.tmp
2008-01-09 11:01 . 2008-01-09 11:01 0 --a------ C:\LOG132.tmp
2008-01-09 08:43 . 2008-01-09 08:43 <DIR> d-------- C:\Desktop
2008-01-09 08:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-09 08:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-12-25 15:25 . 2004-11-30 13:10 44,163 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
2007-12-25 12:03 . 2008-01-08 08:43 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2007-12-25 12:03 . 2008-01-08 08:43 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2007-12-25 12:02 . 2008-01-09 12:29 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-25 12:02 . 2008-01-09 12:28 45,056 --a------ C:\WINDOWS\gtwatch.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 09:43 --------- d-----w C:\Program Files\SmartFTP Setup Files
2007-12-20 09:43 --------- d-----w C:\Program Files\SmartFTP
2007-12-19 09:53 --------- d-----w C:\Program Files\Windows Live
2007-12-19 09:51 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-30 09:33 --------- d-----w C:\Program Files\Rapidown
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Desktop ----
2005-09-22 06:34 20286 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\mw2kxp_y.cat
2005-09-16 16:25 7480 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MREADM_Y.txt
2005-09-16 02:25 7480 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\readme_2English.txt
2005-09-02 19:04 36663 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSDMLT_Y.HL_
2005-08-31 16:15 412686 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSUMLT_Y.DL_
2005-08-30 13:58 315259 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MLEDL__Y.PR_
2005-08-30 13:57 313648 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MLEDA__Y.PR_
2005-08-30 13:56 117329 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MGUID1_Y.PR_
2005-08-30 13:55 103882 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MGUID2_Y.PR_
2005-08-30 11:50 217941 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSTMON_Y.DL_
2005-08-30 11:49 84506 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSTMON_Y.EX_
2005-08-26 14:43 936 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSDMLT_Y.CN_
2005-08-26 13:58 45965 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MLMON__Y.DL_
2005-08-26 13:47 6248 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSTMON_Y.IN_
2005-08-26 13:36 483379 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\setup.exe
2005-08-19 17:07 80199 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSDMLT_Y.DL_
2005-08-19 17:03 2982 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\M2KXP__Y.inf
2005-07-11 20:10 147456 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MUINST_Y.exe
2005-07-11 20:09 61440 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MCOINS_Y.dll
2005-07-11 20:01 4442 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSUMLT_Y.IN_
2005-07-11 20:01 3005 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MUNZ___Y.unm
2005-07-11 20:00 4135 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSDMLT_Y.SD_
2005-07-11 19:57 5543 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\setup.ini
2005-07-11 17:02 10464 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MINST__Y.hlp
2005-06-27 17:19 6772 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSTMON_Y.HL_
2005-03-07 13:24 68732 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MLTSRV_Y.DL_
2005-02-28 14:54 33245 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MDDM32_Y.DL_
2005-02-14 10:51 355 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSTMON_Y.CN_
2005-02-09 14:49 9414 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MNT5UI_Y.DL_
2005-02-09 14:48 22738 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MIMFN5_Y.DL_
2005-02-09 14:44 32323 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSD4___Y.DL_
2005-02-09 14:39 81528 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MIMF16_Y.DR_
2005-02-09 13:40 14146 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MCMM___Y.DL_
2005-02-09 13:38 5496 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MICM___Y.DL_
2005-02-09 13:31 56159 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MDDMUI_Y.DL_
2005-02-09 13:30 19944 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSPL32_Y.EX_
2005-02-09 13:21 13347 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSDIMF_Y.DL_
2005-02-09 11:59 18576 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MQDPRT_Y.DL_
2005-02-09 11:55 48389 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSD32__Y.DL_
2005-02-09 11:52 80230 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSR32__Y.DL_
2005-02-09 11:40 5650 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MIMFPR_Y.DL_
2005-02-09 11:39 7851 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MIMF32_Y.DL_
2005-02-09 11:38 13203 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MGDI32_Y.DL_
2005-02-09 11:37 29151 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSPOOL_Y.DL_
2005-02-09 11:01 10932 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MTAG32_Y.DL_
2005-02-01 13:06 934 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\MSD4___Y.IN_
2005-02-01 13:06 4632 --a------ C:\Desktop\Konica\PP1400W_English_Win2kXP\LICENSE.TXT
((((((((((((((((((((((((((((( snapshot@2008-01-24_12.48.07,62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-24 11:43:00 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-25 08:13:47 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-24 11:43:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-25 08:13:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-24 11:43:00 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-25 08:13:47 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-24 11:43:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-25 08:13:47 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-24 11:43:00 6,021,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-25 08:13:47 6,021,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-24 11:43:01 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 08:13:47 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-25 08:17:53 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-08 08:43 15360]
"WinSnap"="D:\Program Files\WinSnap\WinSnap.exe" [2006-09-12 00:06 137216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 20:42 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-10-21 12:51 49152 C:\WINDOWS\system32\SiSPower.dll]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-08 08:43 79224]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-08 08:43 15360]
C:\Documents and Settings\MANAGER\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 18:57:16 2913584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-06-01 12:17:35 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
BTTray.lnk - D:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2004-11-30 13:30:00 565309]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2006-04-06 08:22:03 262144]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-09-22 16:44]
R3 genmcmnUSB;USB Scroll Mouse Driver;C:\WINDOWS\system32\DRIVERS\gflmouhid.sys [2004-04-19 15:01]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2003-04-18 06:15]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 GT681x;%GrandTechICNameNT%;C:\WINDOWS\system32\DRIVERS\GT681x.SYS []
S3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-08-15 07:27]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 vncdrv;vncdrv;C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 13:22]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a95054-be86-11dc-8772-003005bb818d}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 14:00:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-25 09:18:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
|
|
|
|
|
|