- Aco
- Forum moderator
- Joined: 12 May 2006
- Posts: 16823
- Location: /home/aco
Here it is.. and now, after the scan, NOD doesn't report anything.
ComboFix 09-06-18.02 - Aco 06/19/2009 22:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.964 [GMT 2:00]
Running from: c:\documents and settings\Aco\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Aco\Application Data\inst.exe
c:\windows\system32\drivers\mcahsuja.sys
c:\windows\system32\drivers\qkciu.sys
c:\windows\system32\drivers\SKYNETgqlsqmgw.sys
c:\windows\system32\drivers\vdouw.sys
c:\windows\system32\SKYNETfbaksrta.dll
c:\windows\system32\SKYNEToytifpuw.dat
c:\windows\system32\SKYNETreltpcaq.dat
c:\windows\system32\SKYNETvvsaihfd.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETrpsspbll
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 20:24 . 2009-06-19 20:24 -------- d-----w- c:\documents and settings\Aco\Application Data\Thinstall
2009-06-19 18:54 . 2009-06-19 19:36 0 ----a-w- C:\backup.reg
2009-06-19 18:40 . 2009-06-19 18:40 -------- d-----w- c:\program files\YouTube Downloader
2009-06-19 11:35 . 2009-06-19 11:35 -------- d-----w- c:\documents and settings\Aco\Local Settings\Application Data\ESET
2009-06-19 11:35 . 2009-06-19 11:35 -------- d-----w- c:\windows\Downloaded Installations
2009-06-19 11:16 . 2009-06-19 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-19 09:08 . 2009-06-19 09:20 -------- d-----w- c:\documents and settings\Aco\Ekahau Site Survey
2009-06-19 09:07 . 2009-06-19 09:21 -------- d-----w- c:\program files\Ekahau
2009-06-19 08:57 . 2009-06-19 08:57 -------- d-----w- c:\program files\MyLanViewer
2009-06-18 21:41 . 2009-06-18 21:41 -------- d-----w- c:\windows\Icons
2009-06-18 21:34 . 2009-06-18 22:33 -------- d-----w- c:\windows\system32\NtmsData
2009-06-18 21:07 . 2009-06-18 21:34 -------- d-----w- c:\documents and settings\Aco\Application Data\IObit
2009-06-18 21:07 . 2009-06-19 11:42 -------- d-----w- c:\program files\IObit
2009-06-18 20:48 . 2009-06-18 21:33 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-06-18 19:24 . 2009-06-18 19:24 -------- d-----w- c:\program files\Unlocker
2009-06-18 19:10 . 2009-06-18 19:10 -------- d-----w- c:\documents and settings\Aco\Application Data\Media Player Classic
2009-06-18 17:58 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
2009-06-18 17:58 . 2009-06-18 17:58 -------- d-----w- c:\documents and settings\Aco\WINDOWS
2009-06-18 17:08 . 2009-06-18 17:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-18 17:03 . 2009-06-18 17:03 -------- d-----w- c:\documents and settings\Aco\Local Settings\Application Data\Adobe
2009-06-18 16:57 . 2009-06-18 16:57 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-06-18 16:50 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-06-18 16:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-18 16:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-18 16:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-18 16:50 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-06-18 16:50 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-18 16:50 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-18 16:50 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-18 16:50 . 2009-06-18 21:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-18 16:15 . 2009-06-18 16:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-18 16:15 . 2009-06-18 16:15 47360 ------w- c:\documents and settings\Aco\Application Data\pcouffin.sys
2009-06-18 16:15 . 2009-06-18 21:33 -------- d-----w- c:\documents and settings\Aco\Application Data\Vso
2009-06-18 16:14 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-18 16:14 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-18 16:14 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-18 16:14 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-18 16:14 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-18 16:14 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-18 16:14 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-18 16:14 . 2009-06-18 16:14 -------- d-----w- c:\program files\VSO
2009-06-18 15:15 . 2009-06-18 15:15 -------- d-----w- c:\windows\ie8updates
2009-06-18 15:00 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-18 15:00 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 15:00 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-18 15:00 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 19:39 . 2009-06-18 14:11 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-06-19 14:50 . 2009-06-18 13:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-19 12:38 . 2009-06-18 13:28 -------- d-----w- c:\program files\1st Sound Recorder
2009-06-19 11:32 . 2009-06-18 14:03 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-18 21:14 . 2009-06-18 14:14 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-18 21:10 . 2009-06-18 12:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-18 17:22 . 2009-06-18 14:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-18 16:40 . 2009-06-18 14:07 -------- d-----w- c:\program files\AC3Filter
2009-06-18 14:27 . 2009-06-18 13:40 -------- d-----w- c:\program files\Java
2009-06-18 14:26 . 2009-06-18 14:26 152576 ------w- c:\documents and settings\Aco\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-18 14:17 . 2009-06-18 14:17 -------- d-----w- c:\documents and settings\Aco\Application Data\Malwarebytes
2009-06-18 14:17 . 2009-06-18 14:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 14:17 . 2009-06-18 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 14:15 . 2009-06-18 14:15 -------- d-----w- c:\documents and settings\Aco\Application Data\TuneUp Software
2009-06-18 14:15 . 2009-06-18 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-18 14:13 . 2009-06-18 14:13 -------- d-----w- c:\program files\VS Revo Group
2009-06-18 14:11 . 2009-06-18 14:11 0 ----a-w- c:\windows\nsreg.dat
2009-06-18 14:09 . 2009-06-18 14:09 -------- d-----w- c:\program files\Mv2Player
2009-06-18 14:09 . 2009-06-18 14:09 -------- d-----w- c:\program files\ASUSTeK
2009-06-18 14:09 . 2009-06-18 12:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 14:09 . 2009-06-18 12:55 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 14:08 . 2009-06-18 14:08 -------- d-----w- c:\program files\DivX_311alpha
2009-06-18 14:08 . 2009-06-18 14:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-18 14:08 . 2009-06-18 14:08 -------- d-----w- c:\program files\DivXCodec
2009-06-18 14:04 . 2009-06-18 14:04 3638 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_98A101ADE6B49563D61EBE.exe
2009-06-18 14:04 . 2009-06-18 14:04 3638 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_7EC000065F4FCD53105A1C.exe
2009-06-18 14:04 . 2009-06-18 14:04 10134 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_C87C479E1DA6C42F6A34D4.exe
2009-06-18 14:04 . 2009-06-18 14:04 10134 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_C080941B362BD02C8C608E.exe
2009-06-18 14:04 . 2009-06-18 14:04 10134 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_1ACEE05C37FBBF5D65B447.exe
2009-06-18 14:04 . 2009-06-18 14:04 -------- d-----w- c:\program files\Teorex
2009-06-18 14:04 . 2009-06-18 14:04 -------- d-----w- c:\documents and settings\Aco\Application Data\ACD Systems
2009-06-18 14:00 . 2009-06-18 13:23 12912 ------w- c:\documents and settings\Aco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 14:00 . 2009-06-18 14:00 -------- d-----w- c:\program files\TechSmith
2009-06-18 13:51 . 2009-06-18 13:51 -------- d-----w- c:\program files\MSBuild
2009-06-18 13:51 . 2009-06-18 13:51 -------- d-----w- c:\program files\Reference Assemblies
2009-06-18 13:47 . 2009-06-18 13:47 -------- d-----w- c:\program files\Google
2009-06-18 13:34 . 2009-06-18 13:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 13:34 . 2009-06-18 13:34 -------- d-----w- c:\program files\Microsoft
2009-06-18 13:34 . 2009-06-18 13:33 -------- d-----w- c:\program files\Windows Live
2009-06-18 13:33 . 2009-06-18 13:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-18 13:29 . 2009-06-18 13:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-18 13:28 . 2009-06-18 13:28 -------- d-----w- c:\documents and settings\Aco\Application Data\Apple Computer
2009-06-18 13:26 . 2009-06-18 13:26 -------- d-----w- c:\documents and settings\Aco\Application Data\Ahead
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\program files\Nero
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 13:24 . 2009-06-18 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-18 13:23 . 2009-06-18 13:23 -------- d-----w- c:\program files\QuickTime
2009-06-18 13:21 . 2009-06-18 13:21 -------- d-----w- c:\program files\Apple Software Update
2009-06-18 13:21 . 2009-06-18 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-18 13:20 . 2009-06-18 13:20 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-18 13:18 . 2009-06-18 13:17 -------- d-----w- c:\documents and settings\Aco\Application Data\Winamp
2009-06-18 13:18 . 2009-06-18 13:17 -------- d-----w- c:\program files\Winamp
2009-06-18 13:18 . 2009-06-18 13:17 -------- d-----w- c:\program files\CDex_140b9
2009-06-18 13:15 . 2009-06-18 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-18 13:10 . 2009-06-18 13:10 -------- d-----w- c:\program files\ESET
2009-06-18 13:10 . 2009-06-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-18 13:06 . 2009-06-18 13:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-18 13:06 . 2009-06-18 13:06 -------- d-----w- c:\program files\Ovislink
2009-06-18 13:06 . 2009-06-18 13:06 -------- d-----w- c:\documents and settings\Aco\Application Data\InstallShield
2009-06-18 13:02 . 2009-06-18 13:02 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-18 13:00 . 2009-06-18 13:00 -------- d-----w- c:\program files\Realtek
2009-06-18 12:59 . 2009-06-18 12:59 315392 ----a-w- c:\windows\HideWin.exe
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\program files\VIA
2009-06-18 12:49 . 2009-06-18 12:49 -------- d-----w- c:\program files\microsoft frontpage
2009-06-18 12:45 . 2009-06-18 12:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-17 09:27 . 2009-06-18 14:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-06-18 14:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-18 13:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-04-30 20:02 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2009-04-30 20:02 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-04-30 20:02 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 04:03 . 2009-04-30 20:02 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-04-30 20:02 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2009-04-30 20:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-04-30 20:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-04-30 20:02 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2009-04-30 20:02 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2009-04-30 20:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-08 15:30 . 2009-06-08 15:30 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2009-06-08 15:30 . 2009-06-08 15:30 990208 ----a-w- c:\windows\system32\syssetup.dll
2009-06-04 14:39 . 2009-06-18 13:02 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2008-04-14 03:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 03:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2001-12-18 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-17 12:26 . 2008-04-13 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 03:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 12:45 . 2009-04-07 12:45 12416 ----a-w- c:\windows\system32\drivers\ekauio.sys
2009-04-03 10:39 . 2009-04-03 10:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.
------- Sigcheck -------
[-] 2009-06-08 15:30 1614848 9AEA06C8403D4A20C606CDC242312B41 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\Ovislink\Common\AirLiveUI.exe [2009-6-18 1748992]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [4/16/2009 13:33 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [4/16/2009 13:33 52224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 15:49 94360]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [4/7/2009 14:45 12416]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 15:47 731840]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2009 16:17 195856]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ovislink\Common\RalinkRegistryWriter.exe [6/18/2009 15:06 69632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/18/2009 16:17 19096]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2009-06-18 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-06-18 23:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.winzip.com/instcmplt.cgi?pid=WNZP&ver=12.1.8497.0&lang=EN&vid=ekln&3pa=ggle:0
FF - ProfilePath -
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 22:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-19 22:47
ComboFix-quarantined-files.txt 2009-06-19 20:47
Pre-Run: 45,151,162,368 bytes free
Post-Run: 45,193,863,168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
304