Posted: 22 Jan 2009 21:31
orkabitola (New MyCity citizen; joined: 22 Jan 2009; posts: 18; location: Bitola)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:39, on 22.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\csrcs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Di recnik\Di.exe
C:\WINDOWS\System32\rs32net.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Di dictionary] "C:\Program Files\Di recnik\Di.exe"
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKLM\..\Run: [Pjoxusuyanamisu] rundll32.exe "C:\WINDOWS\Fjosobesit.dll",e
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: prevedi sa di recnikom - C:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{59B1FFBD-5C10-44C5-A4F5-45F0E9F0F528}: NameServer = 62.162.32.5 62.162.32.6
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VNC Server (winvnc) - AT&T Research Labs Cambridge - C:\Program Files\ORL\VNC\WinVNC.exe
--
End of file - 5475 bytes
------------------------------------------------------------------
Spybot and similar tools cannot be started... even their web pages get shut down... the existing antivirus (AVG) cannot update.... even in safe mode nothing works
Posted: 23 Jan 2009 09:50 by orkabitola
None of these pages opens... this appears:
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.
------------- this happens with every page that has anything to do with cleaning
Addendum: 23 Jan 2009 9:50
I should point out that I have an ISDN connection....
Posted: 24 Jan 2009 11:15 by orkabitola
ComboFix 09-01-21.04 - USER 2009-01-24 11:05:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.503.269 [GMT 1:00]
Running from: c:\documents and settings\USER\Desktop\C-F.exe
AV: AVG 7.5.549 *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\setupapi.dll
c:\program files\Mozilla Firefox\setupapi.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\crypts.dll
c:\windows\system32\csrcs.exe
c:\windows\system32\drivers\65cbc041.sys
c:\windows\system32\drivers\ati0msxx.sys
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\rs32net.exe
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\xadzlfus.dll
c:\windows\system32\xadzlfus32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys
-------\Legacy_ati0msxx
-------\Legacy_icf
-------\Legacy_R_SERVER
-------\Service_ati0msxx
-------\Service_icf
-------\Service_r_server
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- c:\program files\Universal Math Solver
2009-01-22 18:54 . 2009-01-22 18:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-22 18:52 . 2009-01-22 18:52 41,984 --a------ c:\windows\Fjosobesit.dll
2009-01-22 18:52 . 2009-01-22 18:52 41,984 --a------ C:\goygfvyr.exe
2009-01-22 18:52 . 2009-01-22 18:52 705 --a------ C:\nhjib.exe
2009-01-22 18:49 . 2009-01-22 18:52 91,736 --a------ C:\tsdl.exe
2009-01-22 18:48 . 2009-01-22 18:48 2 --a------ C:\1422989061
2009-01-22 18:47 . 2009-01-22 18:47 82,432 --a------ C:\iicj.exe
2009-01-21 19:24 . 2009-01-21 19:25 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-21 19:24 . 2009-01-23 17:36 <DIR> d-------- c:\documents and settings\USER\Application Data\Spyware Terminator
2009-01-21 19:24 . 2009-01-21 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-21 19:24 . 2009-01-21 19:24 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-20 19:35 . 2009-01-23 17:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-14 10:12 . 2009-01-14 10:13 248,488 --a------ c:\windows\system32\ht7x.exe
2009-01-13 17:10 . 2009-01-13 17:10 <DIR> d-------- c:\program files\Parsons Technology
2009-01-13 17:10 . 1995-01-13 14:10 108,032 --a------ c:\windows\system\Mfcuia32.dll
2009-01-13 17:10 . 1996-09-13 09:49 76,765 --a------ c:\windows\DANN5032.EXE
2009-01-09 18:21 . 2009-01-09 18:21 0 -rahs---- C:\khs
2009-01-09 18:17 . 2009-01-09 18:17 100,588 --a------ c:\windows\system32\drivers\2081d44c.sys
2009-01-09 11:21 . 2009-01-09 11:21 102,439 --a------ c:\windows\system32\msvcrt2.dll
2009-01-08 17:49 . 2009-01-09 17:57 <DIR> d-------- c:\program files\Glary Utilities
2009-01-08 08:51 . 2009-01-21 17:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVG7
2009-01-08 08:48 . 2009-01-22 18:42 <DIR> d-------- c:\documents and settings\Administrator
2009-01-06 10:42 . 2009-01-24 11:09 100,588 --a------ c:\windows\system32\drivers\4e221b4f.sys
2008-12-31 10:47 . 2008-12-31 10:47 883 -rahs---- c:\windows\system32\autorun.i
2008-12-31 10:47 . 2008-12-31 10:47 859 -rahs---- c:\windows\system32\autorun.in
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 19:12 14,336 ----a-w c:\windows\system32\svchost.exe
2009-01-23 08:37 --------- d-----w c:\program files\Weather Watcher
2009-01-22 17:54 --------- d-----w c:\program files\Di recnik
2009-01-21 12:29 --------- d-----w c:\documents and settings\USER\Application Data\AVG7
2009-01-13 17:27 --------- d-----w c:\documents and settings\USER\Application Data\BSplayer
2008-12-26 07:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2004-08-03 22:56 171,362 --sha-r c:\windows\system32\ipwelf.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-07 590848]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 131072]
"WinVNC"="c:\program files\ORL\VNC\WinVNC.exe" [2000-05-23 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"Pjoxusuyanamisu"="c:\windows\Fjosobesit.dll" [2009-01-22 41984]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-18 219136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"3775:TCP"= 3775:TCP:xjjnstdg
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2006-09-18 13696]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2007-12-17 61648]
S1 65cbc041;65cbc041;c:\windows\system32\drivers\65cbc041.sys --> c:\windows\system32\drivers\65cbc041.sys [?]
S3 vmdmc;ELCON VCOMM Port Driver;c:\windows\system32\drivers\vmdmc.sys [2007-12-17 326688]
S4 vytkxhmcu;Server Network;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vytkxhmcu
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-rs32net - c:\windows\System32\rs32net.exe
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: prevedi sa di recnikom - c:\program files\Di recnik\diie.htm
IE: translate with di dictionary -
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-24 11:08:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4e221b4f]
"ImagePath"="\SystemRoot\System32\drivers\4e221b4f.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vytkxhmcu]
"ServiceDll"="c:\windows\system32\ipwelf.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ntvdm.exe
.
**************************************************************************
.
Completion time: 2009-01-24 11:10:15 - machine was rebooted [USER]
ComboFix-quarantined-files.txt 2009-01-24 10:10:12
Pre-Run: 37,858,254,848 bytes free
Post-Run: 37,802,602,496 bytes free
171
Posted: 24 Jan 2009 12:38 by orkabitola
ComboFix 09-01-21.04 - USER 2009-01-24 12:30:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.503.207 [GMT 1:00]
Running from: c:\documents and settings\USER\Desktop\C-F.exe
Command switches used :: c:\documents and settings\USER\Desktop\CFScript.txt
AV: AVG 7.5.549 *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\1422989061
C:\goygfvyr.exe
C:\iicj.exe
C:\nhjib.exe
C:\tsdl.exe
c:\windows\Fjosobesit.dll
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\drivers\2081d44c.sys
c:\windows\system32\drivers\4e221b4f.sys
c:\windows\system32\ht7x.exe
c:\windows\system32\ipwelf.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1422989061
C:\goygfvyr.exe
C:\iicj.exe
C:\nhjib.exe
C:\tsdl.exe
c:\windows\Fjosobesit.dll
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\drivers\2081d44c.sys
c:\windows\system32\drivers\4e221b4f.sys
c:\windows\system32\ht7x.exe
c:\windows\system32\ipwelf.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VYTKXHMCU
-------\Service_4e221b4f
-------\Service_65cbc041
-------\Service_vytkxhmcu
((((((((((((((((((((((((( Files Created from 2008-12-24 to 2009-01-24 )))))))))))))))))))))))))))))))
.
2009-01-23 17:53 . 2009-01-23 17:53 <DIR> d-------- c:\program files\Universal Math Solver
2009-01-22 18:54 . 2009-01-22 18:54 <DIR> d-------- c:\program files\Trend Micro
2009-01-21 19:24 . 2009-01-21 19:25 <DIR> d-------- c:\program files\Spyware Terminator
2009-01-21 19:24 . 2009-01-23 17:36 <DIR> d-------- c:\documents and settings\USER\Application Data\Spyware Terminator
2009-01-21 19:24 . 2009-01-21 19:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-21 19:24 . 2009-01-21 19:24 141,312 --a------ c:\windows\system32\drivers\sp_rsdrv2.sys
2009-01-20 19:35 . 2009-01-23 17:38 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-13 17:10 . 2009-01-13 17:10 <DIR> d-------- c:\program files\Parsons Technology
2009-01-13 17:10 . 1995-01-13 14:10 108,032 --a------ c:\windows\system\Mfcuia32.dll
2009-01-13 17:10 . 1996-09-13 09:49 76,765 --a------ c:\windows\DANN5032.EXE
2009-01-09 18:21 . 2009-01-09 18:21 0 -rahs---- C:\khs
2009-01-09 11:21 . 2009-01-09 11:21 102,439 --a------ c:\windows\system32\msvcrt2.dll
2009-01-08 17:49 . 2009-01-09 17:57 <DIR> d-------- c:\program files\Glary Utilities
2009-01-08 08:51 . 2009-01-21 17:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVG7
2009-01-08 08:48 . 2009-01-22 18:42 <DIR> d-------- c:\documents and settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 19:12 14,336 ----a-w c:\windows\system32\svchost.exe
2009-01-23 08:37 --------- d-----w c:\program files\Weather Watcher
2009-01-22 17:54 --------- d-----w c:\program files\Di recnik
2009-01-21 12:29 --------- d-----w c:\documents and settings\USER\Application Data\AVG7
2009-01-13 17:27 --------- d-----w c:\documents and settings\USER\Application Data\BSplayer
2008-12-26 07:00 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\DANN5032.EXE -- 16-bit executable. Not a PE file.
MD5: 2228283ba0ac4e765ddd486c9071fa1a
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-07 590848]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 131072]
"WinVNC"="c:\program files\ORL\VNC\WinVNC.exe" [2000-05-23 208896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"Di dictionary"="c:\program files\Di recnik\Di.exe" [2007-03-16 518656]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-03-09 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-12-18 219136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-18 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2006-09-18 13696]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2007-12-17 61648]
S3 vmdmc;ELCON VCOMM Port Driver;c:\windows\system32\drivers\vmdmc.sys [2007-12-17 326688]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
TCP: {59B1FFBD-5C10-44C5-A4F5-45F0E9F0F528} = 62.162.32.5 62.162.32.6
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-24 12:33:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-01-24 12:34:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-24 11:34:21
ComboFix2.txt 2009-01-24 10:10:16
Pre-Run: 37.789.560.832 bytes free
Post-Run: 37,777,932,288 bytes free
149
Posted: 25 Jan 2009 22:53 by orkabitola
AVG update... works
Spybot.. works; for the other things I'm still in progress.. we'll see