KIS 2009 firewall frequently reports an attack....


  • Joined: 06 Jan 2009
  • Posts: 265

Posted: 29 Sep 2009 16:36

-As I wrote in the topic, the Kaspersky Internet Security firewall has been notifying me for two days now that someone is attacking me, at short intervals.
-I scanned the computer with Kaspersky, Malwarebytes, Spybot and SUPERAntiSpyware Free Edition... I use CCleaner regularly... and cleaned the computer. I also installed PeerGuardian.
-I have 1 Mb/s ADSL.
I hope this is everything you need; thanks in advance for your help. Love you people.

DDS (Ver_09-09-29.01) - NTFSx86
Run by Luxon at 16:13:23.81 on Tue 09/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.204 [GMT 2:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Documents and Settings\Luxon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: LoginPrompt = 94988A829E818C9B848C94988ADDDE
IE: &Clean Traces
IE: &Download with &DAP
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: Download &all with DAP
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\progra~1\speedb~1\sblsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {A235CBFA-F722-49BD-9A3C-A15D308A16FC} = 195.66.160.1 195.66.160.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\luxon\applic~1\mozilla\firefox\profiles\bjeykgh2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 7070
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-9-26 213520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 208616]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-30 604488]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
S3 econceal;MicroWorld Technologies Network Service;c:\windows\system32\drivers\econceal.sys --> c:\windows\system32\drivers\econceal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
S3 ZSMC0305;Vimicro USB PC Camera (VC0305);c:\windows\system32\drivers\usbVM305.sys [2009-9-9 391737]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-29 14:07 <DIR> --d----- c:\docume~1\luxon\applic~1\Hide IP NG
2009-09-29 14:01 32 a------- c:\windows\go
2009-09-28 22:58 <DIR> --ds---- C:\ComboFix
2009-09-28 22:42 389,120 a------- c:\windows\system32\CF15848.exe
2009-09-28 22:25 <DIR> --d----- c:\docume~1\luxon\applic~1\Malwarebytes
2009-09-28 22:25 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 22:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-28 22:24 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-28 22:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 19:02 <DIR> --d----- c:\program files\PeerGuardian2
2009-09-28 17:08 <DIR> --d----- c:\documents and settings\luxon\.housecall6.6
2009-09-27 18:07 13,056 a------- c:\windows\SPORDER.EXE
2009-09-27 14:08 <DIR> --d----- c:\program files\SpeedBit Video Accelerator
2009-09-27 14:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpeedBit
2009-09-27 14:03 172,032 a------- c:\windows\system32\AniGIF.ocx
2009-09-27 14:03 <DIR> --d----- c:\program files\DAP
2009-09-27 13:46 <DIR> --d----- c:\docume~1\luxon\applic~1\BitTorrent
2009-09-27 13:31 <DIR> --d----- c:\program files\BitTorrent
2009-09-27 13:25 <DIR> --d----- c:\program files\BitTorrent Turbo Accelerator
2009-09-26 19:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-26 19:26 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-26 19:26 <DIR> --d----- c:\docume~1\luxon\applic~1\SUPERAntiSpyware.com
2009-09-26 19:26 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-26 18:15 <DIR> --d----- c:\program files\uTorrent
2009-09-26 18:15 <DIR> --d----- c:\docume~1\luxon\applic~1\uTorrent
2009-09-26 16:43 <DIR> --d----- C:\Sandbox
2009-09-26 16:42 1,450 a------- c:\windows\Sandboxie.ini
2009-09-26 16:40 <DIR> --d----- c:\program files\Sandboxie
2009-09-26 15:24 229,208 a------- c:\windows\system32\drivers\VMM.sys
2009-09-26 15:23 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-26 14:20 107,547 a------- c:\windows\system32\drivers\klin.dat
2009-09-26 14:20 95,259 a------- c:\windows\system32\drivers\klick.dat
2009-09-26 14:19 3,354,656 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-26 14:19 516,128 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-26 14:19 28,336 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-26 14:19 3,892 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-09-26 14:19 <DIR> --d----- c:\program files\Kaspersky Lab
2009-09-24 13:12 <DIR> --d----- c:\program files\Super Internet TV
2009-09-23 11:55 <DIR> a-d----- c:\windows\rundll16.exe
2009-09-23 11:55 <DIR> a-d----- c:\windows\logo1_.exe
2009-09-21 18:31 <DIR> --d----- c:\windows\MsTemp
2009-09-21 18:31 <DIR> --d----- c:\windows\IN
2009-09-21 17:46 5,455,261 a------- c:\windows\REGBK00.ZIP
2009-09-21 17:10 <DIR> a-d----- c:\windows\VDLL.DLL
2009-09-21 17:10 <DIR> a-d----- c:\windows\system32\runouce.exe
2009-09-21 17:10 <DIR> a-d----- c:\windows\RUNDL132.EXE
2009-09-21 17:10 <DIR> a-d----- c:\windows\logo_1.exe
2009-09-21 17:04 632,064 a------- c:\windows\system32\msvcr80.dll
2009-09-21 17:04 554,240 a------- c:\windows\system32\msvcp80.dll
2009-09-21 17:04 522 a------- c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-09-21 17:04 270,472 -------- c:\windows\system32\drivers\bdfsfltr.sys
2009-09-21 17:02 <DIR> --d----- c:\docume~1\luxon\applic~1\MicroWorld
2009-09-21 17:02 0 a------- C:\23990098.$$$
2009-09-21 17:02 105,944 a------- c:\windows\winsbak2.reg
2009-09-21 17:02 357 a------- C:\bootini.ins
2009-09-21 17:02 146,432 a------- c:\windows\R.COM
2009-09-21 17:02 135,680 a------- c:\windows\system32\T.COM
2009-09-21 17:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MicroWorld
2009-09-21 17:01 <DIR> --d----- c:\program files\common files\MicroWorld
2009-09-14 19:00 311,296 -------- c:\windows\system32\fppmon2.dll
2009-09-14 19:00 118,784 -------- c:\windows\system32\fppr232.dll
2009-09-14 18:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\pdf995
2009-09-14 18:47 249,856 a------- c:\windows\system32\pdfmona.dll
2009-09-14 18:47 51,716 a------- c:\windows\system32\pdf995mon.dll
2009-09-14 18:47 <DIR> --d----- c:\program files\pdf995
2009-09-12 18:13 12,916,066 a------- c:\windows\system32\aweyuwe.wav
2009-09-08 21:47 175,104 ac------ c:\windows\system32\dllcache\csamsp.dll
2009-09-08 21:47 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-09-08 21:47 175,104 a------- c:\windows\system32\csamsp.dll
2009-09-08 21:47 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-08 21:40 <DIR> --d----- c:\windows\system32\drivers\SLDRV
2009-09-08 21:40 221,184 a------- c:\windows\system32\slmdmsp.dll
2009-09-08 21:40 192,512 a------- c:\windows\system32\slmdmgx.dll
2009-09-08 21:40 77,824 a------- c:\windows\system32\slmdmco.dll
2009-09-08 21:40 61,440 a------- c:\windows\system32\slmdmsr.exe
2009-09-08 21:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-09-08 21:29 <DIR> --d----- c:\program files\Innovative Solutions
2009-08-30 16:40 <DIR> --d----- c:\program files\common files\Vbox

==================== Find3M ====================

2009-09-26 19:28 2,516 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-09-26 19:28 88 ---shr-- c:\docume~1\alluse~1\applic~1\196C603409.sys
2009-09-26 15:06 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-09-21 17:11 1,124,872 a------- c:\windows\system32\contfilt.dll
2009-09-21 17:11 178,696 a------- c:\windows\system32\mwnsp.dll
2009-09-21 17:11 539,144 a------- c:\windows\system32\mwtsp.dll
2009-08-20 12:32 280,016 a------- c:\windows\system32\drivers\sfi.dat
2009-08-13 00:48 20,328 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-06 13:13 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-05 13:11 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-01 23:20 499,712 a------- c:\windows\system32\msvcp71.dll
2009-08-01 23:20 348,160 a------- c:\windows\system32\msvcr71.dll
2009-07-31 01:01 182,792 a------- c:\windows\system32\BACKUP.16677845.mwnsp.dll
2009-07-31 01:00 1,124,872 a------- c:\windows\system32\BACKUP.10122138.contfilt.dll
2009-07-31 00:52 543,240 a------- c:\windows\system32\BACKUP.47394011.mwtsp.dll
2009-07-31 00:52 237,576 a------- c:\windows\inst_tspx.exe
2009-07-31 00:52 178,696 a------- c:\windows\inst_tsp.exe
2009-07-31 00:51 125,448 a------- c:\windows\killproc.exe
2009-07-30 20:17 410,976 a------- c:\windows\system32\deploytk.dll
2009-07-30 19:51 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-07-30 19:51 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 13:42 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-15 19:09 135,936 a------- c:\windows\system32\ZIPDLL.DLL
2009-07-15 19:08 130,816 a------- c:\windows\system32\UNZDLL.DLL
2009-07-15 19:08 13,840 a------- c:\windows\system32\sporder.dll
2009-07-15 19:08 13,840 a------- c:\windows\sporder.dll
2009-07-15 11:48 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 19:09 915,456 -------- c:\windows\system32\wininet.dll

============= FINISH: 16:14:22.03 ===============

Addendum: 29 Sep 2009 16:40

Before I forget... I also used ComboFix.

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Give me the ComboFix log... The instructions don't say you should run it...

btw.. I don't see anything suspicious.. KIS is just doing its job...

  • Joined: 06 Jan 2009
  • Posts: 265

Posted: 29 Sep 2009 18:03

I have this, I just don't know how it got onto my C: partition and, worst of all, I can't delete it... Could it be a virus... It contains an OpenOffice folder that I can't open. -- Sorry for the offtopic.

ComboFix 09-09-28.01 - Luxon 09/29/2009 17:35.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.277 [GMT 2:00]
Running from: c:\documents and settings\Luxon\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.

2009-09-29 12:07 . 2009-09-29 12:28 -------- d-----w- c:\documents and settings\Luxon\Application Data\Hide IP NG
2009-09-28 20:25 . 2009-09-28 20:25 -------- d-----w- c:\documents and settings\Luxon\Application Data\Malwarebytes
2009-09-28 20:25 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 20:25 . 2009-09-28 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 20:24 . 2009-09-28 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 20:24 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 17:02 . 2009-09-29 15:37 -------- d-----w- c:\program files\PeerGuardian2
2009-09-28 15:08 . 2009-09-28 15:09 -------- d-----w- c:\documents and settings\Luxon\.housecall6.6
2009-09-27 16:07 . 2009-07-22 20:39 13056 ----a-w- c:\windows\SPORDER.EXE
2009-09-27 12:08 . 2009-09-27 12:09 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-09-27 12:03 . 2009-09-27 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-09-27 12:03 . 2009-09-28 19:57 -------- d-----w- c:\program files\DAP
2009-09-27 11:46 . 2009-09-27 13:56 -------- d-----w- c:\documents and settings\Luxon\Application Data\BitTorrent
2009-09-27 11:31 . 2009-09-27 11:31 -------- d-----w- c:\program files\BitTorrent
2009-09-27 11:25 . 2009-09-27 13:56 -------- d-----w- c:\program files\BitTorrent Turbo Accelerator
2009-09-26 17:27 . 2009-09-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\documents and settings\Luxon\Application Data\SUPERAntiSpyware.com
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-26 16:15 . 2009-09-26 16:15 -------- d-----w- c:\program files\uTorrent
2009-09-26 16:15 . 2009-09-26 16:46 -------- d-----w- c:\documents and settings\Luxon\Application Data\uTorrent
2009-09-26 14:43 . 2009-09-26 14:43 -------- d-----w- C:\Sandbox
2009-09-26 14:40 . 2009-09-26 14:40 -------- d-----w- c:\program files\Sandboxie
2009-09-26 13:24 . 2009-09-26 13:24 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-09-26 13:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-26 13:08 . 2009-09-26 13:08 -------- d-----w- c:\documents and settings\Luxon\Local Settings\Application Data\Opera
2009-09-26 13:08 . 2009-09-26 13:08 -------- d-----w- c:\program files\Opera
2009-09-26 12:20 . 2009-09-26 12:50 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-26 12:20 . 2009-09-26 12:50 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-26 12:19 . 2009-09-29 15:34 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-26 12:19 . 2009-09-29 08:33 3354656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-26 12:19 . 2009-09-26 12:19 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-24 11:12 . 2009-09-24 11:18 -------- d-----w- c:\program files\Super Internet TV
2009-09-23 09:55 . 2009-09-23 09:55 -------- d---a-w- c:\windows\rundll16.exe
2009-09-23 09:55 . 2009-09-23 09:55 -------- d---a-w- c:\windows\logo1_.exe
2009-09-21 16:31 . 2009-09-21 16:31 -------- d-----w- c:\windows\MsTemp
2009-09-21 16:31 . 2009-09-21 16:31 -------- d-----w- c:\windows\IN
2009-09-21 15:46 . 2009-09-21 15:47 5455261 ----a-w- c:\windows\REGBK00.ZIP
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\VDLL.DLL
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\system32\runouce.exe
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\logo_1.exe
2009-09-21 15:04 . 2009-09-21 15:04 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-21 15:04 . 2009-09-21 15:04 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-09-21 15:04 . 2009-05-08 14:39 270472 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2009-09-21 15:01 . 2009-07-30 22:51 125448 ----a-w- c:\windows\killproc.exe
2009-09-19 15:01 . 2009-09-19 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-14 17:00 . 2007-01-29 16:03 118784 ------w- c:\windows\system32\fppr232.dll
2009-09-14 17:00 . 2007-01-29 16:00 311296 ------w- c:\windows\system32\fppmon2.dll
2009-09-14 16:47 . 2009-09-14 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-09-14 16:47 . 2009-09-14 16:49 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-09-14 16:47 . 2009-09-14 16:49 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-09-14 16:47 . 2009-09-14 16:48 -------- d-----w- c:\program files\pdf995
2009-09-09 11:14 . 2006-06-28 09:54 49152 ----a-r- c:\windows\Domino.EXE
2009-09-09 11:14 . 2005-08-08 08:36 114688 ----a-r- c:\windows\VM305Cap.exe
2009-09-09 11:14 . 2006-06-28 09:39 49152 ----a-r- c:\windows\VMSnap5.EXE
2009-09-09 11:14 . 2005-05-03 07:51 176128 ----a-r- c:\windows\amcap.exe
2009-09-09 11:14 . 2005-08-05 10:36 81920 ----a-r- c:\windows\system32\VM305STI.dll
2009-09-09 11:14 . 2006-08-10 04:32 391737 ----a-r- c:\windows\system32\drivers\usbVM305.sys
2009-09-09 11:14 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-09 11:14 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-08 19:47 . 2001-08-17 20:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2009-09-08 19:47 . 2001-08-17 20:36 175104 ----a-w- c:\windows\system32\csamsp.dll
2009-09-08 19:47 . 2001-08-17 11:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-09-08 19:47 . 2001-08-17 11:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-08 19:40 . 2009-09-08 19:40 -------- d-----w- c:\windows\system32\drivers\SLDRV
2009-09-08 19:40 . 2005-05-10 10:54 77824 ----a-w- c:\windows\system32\slmdmco.dll
2009-09-08 19:40 . 2005-05-10 10:53 61440 ----a-w- c:\windows\system32\slmdmsr.exe
2009-09-08 19:40 . 2005-05-10 10:50 192512 ----a-w- c:\windows\system32\slmdmgx.dll
2009-09-08 19:40 . 2005-05-10 10:49 221184 ----a-w- c:\windows\system32\slmdmsp.dll
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-----w- c:\documents and settings\Luxon\Local Settings\Application Data\Innovative Solutions
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-----w- c:\program files\Innovative Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 15:33 . 2009-09-26 12:19 3920 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-29 14:57 . 2009-06-16 21:15 -------- d-----w- c:\documents and settings\Luxon\Application Data\.purple
2009-09-29 14:37 . 2009-06-17 15:07 -------- d-----w- c:\program files\Medjed-Skript v1.5 Black
2009-09-29 12:28 . 2009-08-01 12:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-29 10:20 . 2009-08-24 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 08:33 . 2009-09-26 12:19 28336 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-28 10:54 . 2009-06-16 21:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 10:42 . 2009-06-16 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 13:59 . 2009-06-16 20:17 -------- d-----w- c:\documents and settings\Luxon\Application Data\Skype
2009-09-27 13:32 . 2009-06-17 20:14 -------- d-----w- c:\documents and settings\Luxon\Application Data\skypePM
2009-09-27 09:02 . 2009-06-16 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-26 17:28 . 2009-07-11 12:14 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-09-26 17:28 . 2009-07-11 12:14 88 --sh--r- c:\documents and settings\All Users\Application Data\196C603409.sys
2009-09-26 17:17 . 2009-06-17 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-26 17:17 . 2009-06-17 16:27 -------- d-----w- c:\program files\Lavasoft
2009-09-26 14:56 . 2009-06-16 21:13 -------- d-----w- c:\program files\SpywareBlaster
2009-09-26 13:06 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-26 12:16 . 2009-08-20 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-24 10:23 . 2009-09-21 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-09-21 15:11 . 2009-09-21 15:01 1124872 ----a-w- c:\windows\system32\contfilt.dll
2009-09-21 15:11 . 2009-09-21 15:01 178696 ----a-w- c:\windows\system32\mwnsp.dll
2009-09-21 15:11 . 2009-09-21 15:01 539144 ----a-w- c:\windows\system32\mwtsp.dll
2009-09-21 15:02 . 2009-09-21 15:02 -------- d-----w- c:\documents and settings\Luxon\Application Data\MicroWorld
2009-09-21 15:02 . 2009-09-21 15:01 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-09-21 15:02 . 2009-09-21 15:02 105944 ----a-w- c:\windows\winsbak2.reg
2009-09-08 15:23 . 2009-07-12 23:31 -------- d-----w- c:\documents and settings\Luxon\Application Data\gtk-2.0
2009-08-30 14:40 . 2009-08-30 14:40 -------- d-----w- c:\program files\Common Files\Vbox
2009-08-28 11:26 . 2009-08-28 11:20 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-26 16:32 . 2009-08-26 16:32 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-08-24 19:24 . 2009-08-24 18:59 -------- d-----w- c:\program files\Google
2009-08-23 14:20 . 2009-08-23 14:20 -------- d-----w- c:\program files\Free WMV to AVI MPEG Converter
2009-08-23 14:03 . 2009-08-05 19:56 -------- d-----w- c:\program files\Free Video Converter
2009-08-23 14:03 . 2009-06-16 22:11 20328 ----a-w- c:\documents and settings\Luxon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 14:27 . 2009-08-09 21:56 -------- d-----w- c:\program files\ApexDC++
2009-08-21 17:06 . 2009-08-20 23:05 -------- d-----w- c:\program files\fastcall
2009-08-20 22:30 . 2009-08-20 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-20 22:28 . 2009-08-20 22:28 -------- d-----w- c:\program files\Yahoo!
2009-08-20 22:21 . 2009-08-20 21:47 -------- d-----w- c:\documents and settings\Luxon\Application Data\FreeCall
2009-08-20 21:42 . 2009-08-20 21:01 -------- d-----w- c:\documents and settings\Luxon\Application Data\VoipBuster
2009-08-20 15:14 . 2009-08-20 15:14 -------- d-----w- c:\documents and settings\Luxon\Application Data\Sony Ericsson
2009-08-20 15:14 . 2009-08-20 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-08-20 13:24 . 2009-08-19 14:50 -------- d-----w- c:\program files\COMODO
2009-08-20 10:32 . 2009-08-19 15:56 280016 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-19 15:56 . 2009-06-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-19 11:30 . 2009-08-19 11:30 -------- d-----w- c:\program files\Alcohol Soft
2009-08-19 11:29 . 2009-08-14 15:06 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-08-19 11:29 . 2009-08-15 13:14 -------- d-----w- c:\program files\IRCXpro
2009-08-19 11:29 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-17 21:38 . 2009-06-16 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 13:24 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-16 13:24 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-14 13:42 . 2009-08-02 10:15 -------- d-----w- c:\documents and settings\Luxon\Application Data\Download Manager
2009-08-12 22:48 . 2009-08-09 19:37 20328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-09 19:22 . 2009-08-09 19:22 -------- d-----w- c:\program files\Torbutton
2009-08-07 22:58 . 2009-08-07 22:58 -------- d-----w- c:\program files\MSBuild
2009-08-07 22:58 . 2009-08-07 22:58 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 08:32 . 2009-08-24 17:28 1076 ----a-w- c:\windows\GenuineXP.reg
2009-08-06 22:26 . 2009-08-06 22:26 -------- d-----w- c:\program files\avijoin
2009-08-05 20:35 . 2009-08-05 20:35 -------- d-----w- c:\program files\URUSoft
2009-08-05 14:23 . 2009-07-25 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 12:42 . 2009-08-05 12:32 -------- d-----w- c:\documents and settings\Luxon\Application Data\Ahead
2009-08-05 12:36 . 2009-08-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-05 12:34 . 2009-08-05 12:34 -------- d-----w- c:\program files\Common Files\LightScribe
2009-08-05 12:34 . 2009-08-05 12:29 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\program files\Nero
2009-08-05 11:11 . 2009-06-16 20:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 10:19 . 2009-08-02 10:19 -------- d-----w- c:\program files\YouTube Downloader
2009-08-01 21:20 . 2009-08-01 21:20 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-01 21:20 . 2009-08-01 21:20 -------- d-----w- c:\program files\Common Files\Real
2009-08-01 21:20 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-01 21:20 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-01 21:20 . 2009-08-01 21:20 -------- d-----w- c:\program files\Real
2009-08-01 18:28 . 2009-08-01 18:28 -------- d-----w- c:\program files\MSXML 4.0
2009-08-01 14:01 . 2009-08-01 13:43 -------- d-----w- c:\documents and settings\Luxon\Application Data\TeamViewer
2009-08-01 13:43 . 2009-08-01 13:43 -------- d-----w- c:\program files\TeamViewer
2009-08-01 12:40 . 2009-08-01 12:40 -------- d-----w- c:\program files\Microsoft
2009-08-01 12:40 . 2009-08-01 12:40 -------- d-----w- c:\program files\Windows Live
2009-08-01 12:40 . 2009-08-01 12:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-01 12:31 . 2009-08-01 12:31 -------- d-----w- c:\documents and settings\Luxon\Application Data\Thunderbird
2009-08-01 12:28 . 2009-08-01 12:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-30 23:01 . 2009-09-21 15:01 182792 ----a-w- c:\windows\system32\BACKUP.16677845.mwnsp.dll
2009-07-30 23:00 . 2009-09-21 15:01 1124872 ----a-w- c:\windows\system32\BACKUP.10122138.contfilt.dll
2009-07-30 22:52 . 2009-09-21 15:01 543240 ----a-w- c:\windows\system32\BACKUP.47394011.mwtsp.dll
2009-07-30 22:52 . 2009-09-21 15:01 237576 ----a-w- c:\windows\inst_tspx.exe
2009-07-30 22:52 . 2009-09-21 15:01 178696 ----a-w- c:\windows\inst_tsp.exe
2009-07-30 18:17 . 2009-07-30 18:18 410976 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 17:51 . 2009-07-30 17:51 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-30 17:51 . 2009-07-30 17:51 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 11:42 . 2009-07-27 11:42 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-25 14:20 . 2009-07-25 14:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-17 19:01 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 17:09 . 2009-09-21 15:01 135936 ----a-w- c:\windows\system32\ZIPDLL.DLL
2009-07-15 17:08 . 2009-09-21 15:01 130816 ----a-w- c:\windows\system32\UNZDLL.DLL
2009-07-15 17:08 . 2009-09-21 15:01 13840 ----a-w- c:\windows\system32\sporder.dll
2009-07-15 17:08 . 2009-09-21 15:01 13840 ----a-w- c:\windows\sporder.dll
2009-07-15 09:48 . 2009-07-30 17:51 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-13 21:43 . 2004-08-04 01:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 01:07 915456 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-09-26 208616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-27 7184384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 94988A829E818C9B848C94988ADDDE

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKLM\~\startupfolder\C:^Documents and Settings^Luxon^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
path=c:\documents and settings\Luxon\Start Menu\Programs\Startup\BitTorrent Turbo Accelerator.lnk
backup=c:\windows\pss\BitTorrent Turbo Accelerator.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Medjed-Skript v1.5 Black\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [5/28/2009 3:32 PM 108032]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/30/2009 7:51 PM 604488]
S3 econceal;MicroWorld Technologies Network Service;c:\windows\system32\DRIVERS\econceal.sys --> c:\windows\system32\DRIVERS\econceal.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 ZSMC0305;Vimicro USB PC Camera (VC0305);c:\windows\system32\drivers\usbVM305.sys [9/9/2009 1:14 PM 391737]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
*NewlyCreated* - PXTDAPOB
*Deregistered* - pxtdapob

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: &Clean Traces
IE: &Download with &DAP
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download &all with DAP
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\Luxon\Application Data\Mozilla\Firefox\Profiles\bjeykgh2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 17:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD711827-7373-FF5C-AB83-18E4E4C97ED3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakfmjkambomibpkfj"=hex:6b,61,6e,66,6e,68,68,69,69,63,70,68,70,6f,66,6c,69,61,
64,67,67,6b,00,00
"jakgaegpjddjgogcdmee"=hex:62,61,6d,61,00,00
"jakgaegpjddjgogcdmie"=hex:62,61,66,61,00,00
"haegojmeebjolijd"=hex:6b,61,6e,66,6e,68,68,69,69,63,70,68,70,6f,66,6c,69,61,
64,67,67,6b,00,00
"iaegojjjmdknddbean"=hex:68,61,6a,66,63,6b,6e,61,70,6e,61,6c,6f,61,6c,64,00,21
"haodeenkdmkpbklg"=hex:61,61,00,7c
"jalgjdfnpedbbaflenln"=hex:61,61,00,7c
"jabglllgdfhclieckgng"=hex:62,61,61,67,00,e6
"baie"=hex:63,61,6d,61,70,68,00,00
"bafe"=hex:63,61,6a,61,61,6a,00,00
"caldog"=hex:64,61,66,61,63,64,69,67,00,7d
"caldng"=hex:64,61,6b,61,68,63,6c,70,00,7d
"ialedbiopaiglfmaal"=hex:65,61,6e,66,70,68,6c,68,6c,61,00,77
"ialedbiopaiglfmabl"=hex:64,61,68,61,67,6a,6b,68,00,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FD711827-7373-FF5C-AB83-18E4E4C97ED3}\InProcServer32*]
"jaahagonobicmdgehilk"=hex:63,61,63,67,6f,6b,00,77

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1356)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(1292)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
c:\windows\system32\nvcpl.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-09-29 17:42
ComboFix-quarantined-files.txt 2009-09-29 15:42

Pre-Run: 14,375,190,528 bytes free
Post-Run: 14,334,545,920 bytes free

351 --- E O F --- 2009-09-26 13:29


And one more thing.... Why would anyone be attacking me? :S I noticed that two of the IPs are from my country... Should I report them to the provider?

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

Folder::
c:\windows\rundll16.exe
c:\windows\logo1_.exe
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\RUNDL132.EXE
c:\windows\logo_1.exe

Dirlook::
c:\windows\MsTemp


Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

Quote: And one more thing.... Why would anyone be attacking me? :S I noticed that two of the IPs are from my country... Should I report them to the provider?


c:\program files\ApexDC++
c:\program files\BitTorrent
c:\program files\uTorrent


Btw.. settle on one antivirus and one firewall

I can see a pile of traces of other antiviruses here..

offline
  • Joined: 06 Jan 2009
  • Posts: 265

Thank you :) And what can I tell you... I've tested all sorts of things :)

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Quote: Post the log that is produced at the end of the cleaning/scanning in your next message.


Where is it :)

offline
  • Joined: 06 Jan 2009
  • Posts: 265

Written: 30 Sep 2009 18:49

Since I've already attached the logs... It's probably best to ask something else here...

C:\ZZZZZZZZZZZ\ZZZZZ\ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZZ.Z.Z\ZZZZZZZZZZ\ZZZ\ZZZZZZZZZZ.ZZZZZ\ZZZZZ\ZZZZZZZZZZZZ\ZZZZZ\ZZZZZZZZ\ZZZ.ZZZ.ZZZZ.ZZZZ.ZZZZZZZZZZ.ZZZZZZZZZZZZZ.ZZZZZZZZZZZZZZZZZZZZZZ\ZZZZZZZZ\ZZZZ\ZZZ\openoffice

The last folder can't be deleted... :S Who knows what's in it... What should I do? :S

Update: 30 Sep 2009 19:08

Here's the latest log :) Unfortunately I deleted the one from the run that used this script, but I did see that it deleted the files you put in the script to be deleted. Sorry.


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Try deleting that folder with this program

http://ccollomb.free.fr/unlocker/unlocker1.8.7.exe

Wait a while, then report back whether there are still attacks and what the general state of the system is.

offline
  • Joined: 06 Jan 2009
  • Posts: 265

Thanks, I deleted it. Now then.... The attacks aren't as frequent, though whenever it reports one it's always an attack on port 135 or 1434. Port 1434 isn't a problem, since it seems to be the port for SQL servers, but I don't know what the situation is with this 135... Although there were also a few false alarms when I wanted to run an online scan to check :)

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

http://forum.kaspersky.com/lofiversion/index.php/t88430.html

Next.. run Windows Update

http://windowsupdate.microsoft.com/

next

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista use the Start Search box if Run is not available.

In the text field type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

then click OK (or press Enter).

Wait for the uninstallation process to finish.

that's it.. cheers
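A worked example added to this thread (it is not the forum's, either poster's or Kaspersky's code): a small Python script that takes exported firewall "network attack" lines, groups them by destination port and source address, and separates the Internet background scanning that port 135 and port 1434 attract from a single address coming back repeatedly. The line format, signature names and source addresses in SAMPLE_LOG are constructed for the example (documentation-range IPs), so the regular expression is an assumption about what an alert export looks like, not KIS 2009's actual format.

```python
"""Triage firewall "network attack" alerts by destination port and source.

Added example for this thread; it is not Kaspersky's tool or log format.
The line shape, signature names and IP addresses below are constructed
(RFC 5737 documentation ranges), so ALERT_RE is an assumption.
"""
import re
from collections import defaultdict

# What the two ports named in the thread actually are. These are facts
# about Windows and SQL Server, independent of any one alert log.
PORT_NOTES = {
    135: "TCP 135: MSRPC endpoint mapper (DCOM). Probed constantly since the "
         "2003 Blaster worm; only a problem if the port is reachable from outside.",
    1434: "UDP 1434: SQL Server Browser/resolution service. Probed constantly "
          "since the 2003 Slammer worm; harmless if no SQL Server is listening.",
    445: "TCP 445: SMB. Routine worm and scanner target.",
}

# Assumed line: "<date> <time> <signature> <src ip>:<src port> -> <dst port>/<proto>"
ALERT_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+)\s+(?P<sig>\S+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s*->\s*"
    r"(?P<dport>\d+)/(?P<proto>TCP|UDP)\s*$"
)

# Constructed sample: several distinct sources hitting 135 and 1434 once or
# twice (scanner noise), one source hammering 445, and one malformed line.
SAMPLE_LOG = """\
2009-09-29 16:01:12 Intrusion.Win.DCOM.exploit 192.0.2.10:3372 -> 135/TCP
2009-09-29 16:03:40 Intrusion.Win.MSSQL.worm.Helkern 198.51.100.7:1091 -> 1434/UDP
2009-09-29 16:05:02 Intrusion.Win.DCOM.exploit 203.0.113.88:4412 -> 135/TCP
2009-09-29 16:09:55 Intrusion.Win.MSSQL.worm.Helkern 192.0.2.200:1434 -> 1434/UDP
2009-09-29 16:12:31 Intrusion.Win.DCOM.exploit 192.0.2.10:3391 -> 135/TCP
2009-09-29 16:20:07 Intrusion.Win.NETAPI.buffer-overflow.exploit 198.51.100.23:2214 -> 445/TCP
2009-09-29 16:20:09 Intrusion.Win.NETAPI.buffer-overflow.exploit 198.51.100.23:2215 -> 445/TCP
2009-09-29 16:20:11 Intrusion.Win.NETAPI.buffer-overflow.exploit 198.51.100.23:2216 -> 445/TCP
2009-09-29 16:20:13 Intrusion.Win.NETAPI.buffer-overflow.exploit 198.51.100.23:2217 -> 445/TCP
this line is garbage and must be skipped
"""


def parse_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are dropped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            d = m.groupdict()
            d["dport"] = int(d["dport"])
            alerts.append(d)
    return alerts


def triage(alerts, repeat_threshold=3):
    """Group alerts by destination port and decide whether each port's traffic
    looks like background scanning (many sources, a hit or two each) or one
    source returning repeatedly (repeat_threshold hits or more)."""
    per_port = defaultdict(lambda: defaultdict(int))  # port -> src -> hits
    for a in alerts:
        per_port[a["dport"]][a["src"]] += 1

    report = {}
    for port, sources in sorted(per_port.items()):
        busiest_src, busiest = max(sources.items(), key=lambda kv: kv[1])
        if busiest >= repeat_threshold:
            verdict = "repeated from one source (worth a closer look: %s)" % busiest_src
        else:
            verdict = "background scanning noise"
        report[port] = {
            "hits": sum(sources.values()),
            "sources": len(sources),
            "busiest_source": busiest_src,
            "verdict": verdict,
            "note": PORT_NOTES.get(port, "no note for this port"),
        }
    return report


if __name__ == "__main__":
    for port, r in triage(parse_alerts(SAMPLE_LOG)).items():
        print("port %5d: %2d hits from %d source(s); %s"
              % (port, r["hits"], r["sources"], r["verdict"]))
        print("            " + r["note"])
```

Run as-is it prints one verdict per port. The point of the split is the one the thread circles around: a home ADSL line gets hit on 135 and 1434 by worm leftovers and scanners every day whether or not anything listens, so a long list of single hits from many different addresses is noise, while one address returning again and again against the same port is the case worth looking into (and the one an ISP abuse desk can actually act on).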
