Unknown processes, Bad Image exe's etc.

offline
  • Joined: 15 Jan 2011
  • Posts: 4
  • Location: Bijeljina

Hello,
For quite a while now I've been having problems with my computer: first it slowed down, then some dial-up connections started appearing, and then I couldn't boot the system at all.
I managed to get into Safe Mode, and it turned out that avast (to be precise, after renewing the licence and the latest update the system would not boot) was causing the problem; after removing it I was able to boot the system. But sometimes the computer simply restarts as soon as I log in, and sometimes only after a longer period of work.
In any case, in Task Manager I saw some processes that weren't there before.
I have used avast, Malwarebytes and CCleaner.
I also have several infected USB sticks that are causing me problems.
Thanks in advance for the help.
Here are the logs.


DDS (Ver_10-12-12.02) - NTFSx86
Run by User at 17:09:59,06 on sub 22.01.2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.767.526 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\nadool.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\WINDOWS\system32\vouhyg.exe
C:\WINDOWS\system32\coucykerou.exe
svchost.exe
C:\WINDOWS\system32\foofowi.exe
C:\WINDOWS\TEMP\gmgodo19A0154A.tmp
C:\WINDOWS\TEMP\go1B4EB371.tmp
C:\DOCUME~1\User\LOCALS~1\Temp\gmgodo19A0154A.tmp
C:\DOCUME~1\User\LOCALS~1\Temp\gmgodo19A0154A.tmp
C:\DOCUME~1\User\LOCALS~1\Temp\go1B4EB371.tmp
C:\DOCUME~1\User\LOCALS~1\Temp\go1B4EB371.tmp
C:\DOCUME~1\User\LOCALS~1\Temp\pxvdmdohwrnf037A5265.tmp
C:\DOCUME~1\User\LOCALS~1\Temp\zhrxn0194F45E.tmp
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2124320
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKman000&fl=0&ptb=.IyBejtO0LB4z.acBoa1EQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\documents and settings\user\application data\juzjf.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-3452635147-3726938487-066082052-3088\yv8g67.exe,c:\documents and settings\user\application data\nsvb.exe,explorer.exe,c:\documents and settings\user\application data\juzjf.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSConfig] c:\documents and settings\user\oionrul.exe \u
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [baressut] c:\windows\system32\foofowi.exe
mRun: [vageg] c:\windows\system32\vouhyg.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [vageg] c:\documents and settings\localservice\application data\microsoft\coucykerou.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\00zbyud.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\01niqlr.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\0rtqspr.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\1brgynl.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\1lgywtl.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\1rluoxr.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\1rtwcjn.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\1zasbvd.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\55iajdm.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\56cnxit.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\5gqbmgz.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\5qurtqs.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\5sedlgy.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\6ebdacz.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\aidz001hui.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\arbm01xlao.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\auwzq00vr.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\bbicrzt0.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\bjycc55uq.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\bvksnly00.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\c55swvzjokt.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\canrlkm55.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\dlwmpl00.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ed56ebdaczb.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\egjfmc55.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\fxluixhg.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\fziclfoi.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\g01nsktnwqy.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\gopvgkhj.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\grbmwhs0.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\hof56izfio.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\hpmojxga.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ht01tnwutpi.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\idfcud56s.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\igbn001xg.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\irpiabr0.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\je01fzowtzo.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\k556sldrakp.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\khj00flcqz.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\kntuqjju.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\le01zkufpal.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\lgo55uubby.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\lpq01pysav.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\m56ilhemavl.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\midfcud5.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\milhkgj5.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\mntykhlq.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\npsp56gtrz.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\nuixhg01n.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\nwqy55wezh.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\o55qmpvwyvx.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\p001dxgupre.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\pbgaj56wkt.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\peolh001v.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\qaflscgd.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\rawtlkg5.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ruqt5sorlq.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\rzu01daczlf.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\surtqs55o.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\toi56uohve.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\tuimtaog.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\u0npsurtqs5.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\viyhs00jr.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\vokd56oirl.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\voo55owtle.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\vqsvruqt.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\wezh001rcm.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\whr00jxwoh.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\wo55audxgai.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\wsbl00flcq.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\wxd001bpye.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\x56yvxuwtvs.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\xaqblwg5.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\xrzuc556w.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\y01lpmolnog.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ybn00vbwof.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\yirtqgbh.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\ynp00fbead.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\zfaiifh0.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\zhgi56uoh.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\zt01pembrqm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airliv~1.lnk - c:\program files\ovislink\common\TurboG-UI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223056243652
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {2B0F3E87-2761-4409-B3CE-EE706ABD059C} = 79.143.173.161 79.143.172.3
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\hngiuscv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2321365&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZaMRadio Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R0 byocclmt;byocclmt;c:\windows\system32\drivers\byocclmt.sys [2011-1-10 40128]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-15 54752]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2003-7-8 585728]
S0 tklpi;tklpi;c:\windows\system32\drivers\ejdjisu.sys --> c:\windows\system32\drivers\ejdjisu.sys [?]
S2 q5ymg2u2;Ati HotKey Poller;c:\windows\system32\nadool.exe [2011-1-22 229888]
S2 tekuaeelug;BsHelpCS;c:\windows\system32\sakouvoo.exe [2011-1-22 229888]
S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 fsssvc;Windows Live Family Safety Service;"c:\program files\windows live\family safety\fsssvc.exe" --> c:\program files\windows live\family safety\fsssvc.exe [?]
S3 gkmixern;gkmixern;\??\c:\docume~1\user\locals~1\temp\gkmixern.sys --> c:\docume~1\user\locals~1\temp\gkmixern.sys [?]

=============== Created Last 30 ================

2011-01-22 11:34:09 229888 ----a-w- c:\windows\system32\nadool.exe
2011-01-22 11:29:06 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcB.tmp
2011-01-22 10:55:13 229888 ----a-w- c:\windows\system32\sakouvoo.exe
2011-01-22 10:50:22 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc22.tmp
2011-01-22 10:40:30 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlc1B.tmp
2011-01-19 11:37:06 739840 ----a-w- c:\windows\system32\drivers\boxtcblcx.sys
2011-01-16 19:17:31 151040 --sh--r- c:\docume~1\user\applic~1\nsvb.exe
2011-01-12 16:15:07 229888 ----a-w- c:\windows\system32\foofowi.exe
2011-01-11 21:30:15 18944 ---ha-w- c:\documents and settings\user\oionrul.exe
2011-01-11 21:30:04 229888 ----a-w- c:\windows\system32\vouhyg.exe
2011-01-10 22:41:47 40128 ----a-w- c:\windows\system32\drivers\byocclmt.sys
2011-01-10 21:26:00 18944 ---ha-w- c:\documents and settings\user\rjs.exe
2011-01-10 21:25:33 229888 ----a-w- c:\windows\system32\coucykerou.exe
2011-01-10 21:24:31 113152 --sh--r- c:\docume~1\user\applic~1\juzjf.exe

==================== Find3M ====================


============= FINISH: 17:10:50,49 ===============
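A DDS log like the one above is read by looking for a handful of patterns, and those checks can be written down. The following is an added example (my own code, not part of the original post and not a DDS or ComboFix tool), run over lines excerpted from the log above (a partial copy embedded inline) plus the NVIDIA, Realtek and Ovislink lines as benign controls. The rules are heuristics chosen for this example: a Winlogon Shell value that is anything but explorer.exe, or any Taskman value at all (that value is not present on a stock XP install); executables launched from a profile, Temp, Recycler or Startup folder; a service whose image DDS could not stat (the trailing `[?]`) or whose image also appears in the Created Last 30 list; several differently named files sharing one exact size; and a Startup folder holding three or more executables. The location patterns and thresholds are assumptions of this example, not DDS conventions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines excerpted from the DDS log in the post above (not the complete log); the
# NVIDIA, Realtek and Ovislink entries are kept as benign controls.
SAMPLE_LOG = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\documents and settings\user\application data\juzjf.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-3452635147-3726938487-066082052-3088\yv8g67.exe,c:\documents and settings\user\application data\nsvb.exe,explorer.exe,c:\documents and settings\user\application data\juzjf.exe
uRun: [MSConfig] c:\documents and settings\user\oionrul.exe \u
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [baressut] c:\windows\system32\foofowi.exe
dRun: [vageg] c:\documents and settings\localservice\application data\microsoft\coucykerou.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\00zbyud.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\aidz001hui.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\zt01pembrqm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airliv~1.lnk - c:\program files\ovislink\common\TurboG-UI.exe
S0 tklpi;tklpi;c:\windows\system32\drivers\ejdjisu.sys --> c:\windows\system32\drivers\ejdjisu.sys [?]
R0 byocclmt;byocclmt;c:\windows\system32\drivers\byocclmt.sys [2011-1-10 40128]
S2 q5ymg2u2;Ati HotKey Poller;c:\windows\system32\nadool.exe [2011-1-22 229888]
S3 gkmixern;gkmixern;\??\c:\docume~1\user\locals~1\temp\gkmixern.sys --> c:\docume~1\user\locals~1\temp\gkmixern.sys [?]
2011-01-22 11:34:09 229888 ----a-w- c:\windows\system32\nadool.exe
2011-01-22 10:55:13 229888 ----a-w- c:\windows\system32\sakouvoo.exe
2011-01-12 16:15:07 229888 ----a-w- c:\windows\system32\foofowi.exe
2011-01-11 21:30:04 229888 ----a-w- c:\windows\system32\vouhyg.exe
2011-01-10 22:41:47 40128 ----a-w- c:\windows\system32\drivers\byocclmt.sys
2011-01-10 21:25:33 229888 ----a-w- c:\windows\system32\coucykerou.exe
2011-01-10 21:24:31 113152 --sh--r- c:\docume~1\user\applic~1\juzjf.exe
"""

PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|sys|scr|lnk)\b", re.I)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \S+ (\d+) \S+ (.+)$")
WINLOGON_RE = re.compile(r"^[umd]Winlogon: (\w+)=(.*)$")
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.*)$")
# Assumed heuristic: code launched at logon from a profile, Temp, Recycler or Startup folder is suspect.
USER_LOCATION_RE = re.compile(r"\\(?:documents and settings|docume~1|users|recycler|temp|startup)\\", re.I)
CODE_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass(frozen=True)
class Finding:
    rule: str
    subject: str
    context: str


def _paths(line):
    """Drive-rooted paths on one line, lower-cased, in order, without repeats."""
    found = []
    for m in PATH_RE.finditer(line):
        p = m.group(0).lower()
        if p not in found:
            found.append(p)
    return found


def triage(log_text):
    """Return Findings for the autostart, service and recently-created-file
    lines of a DDS log; benign lines produce nothing."""
    findings, created, services = [], {}, []
    by_size, startup_dirs = defaultdict(set), defaultdict(int)
    for line in log_text.strip().splitlines():
        m = WINLOGON_RE.match(line)
        if m:  # Shell must be exactly explorer.exe; Taskman is unset on a stock XP box
            key, value = m.group(1).lower(), m.group(2).strip().lower()
            if key == "shell" and {v.strip() for v in value.split(",")} != {"explorer.exe"}:
                findings.append(Finding("winlogon_hijack", "Shell", value))
            elif key == "taskman":
                findings.append(Finding("winlogon_hijack", "Taskman", value))
            elif key == "userinit" and not value.rstrip(",").endswith(r"\system32\userinit.exe"):
                findings.append(Finding("winlogon_hijack", "Userinit", value))
            continue
        m = CREATED_RE.match(line)
        if m:  # "Created Last 30": remember the date, cluster basenames by exact size
            path = m.group(3).strip().lower()
            created[path] = m.group(1)
            by_size[int(m.group(2))].add(path.rsplit("\\", 1)[-1])
        m = SERVICE_RE.match(line)
        if m:
            services.append((m.group(1), m.group(2), m.group(3)))
        for p in _paths(line):
            if line.startswith("StartupFolder:") and p.endswith(".exe"):
                folder = p.rsplit("\\", 1)[0]
                if folder.endswith("\\startup"):
                    startup_dirs[folder] += 1
            if p.endswith(CODE_EXT) and USER_LOCATION_RE.search(p):
                findings.append(Finding("exe_in_user_location", p, line.split(" ", 1)[0]))
    for start, name, rest in services:
        imgs = [p for p in _paths(rest) if p.endswith((".exe", ".sys"))]
        if rest.endswith("[?]"):  # DDS could not stat the image file
            findings.append(Finding("service_image_missing", name, f"{start} {imgs[0] if imgs else rest}"))
        for img in imgs:
            if img in created:
                findings.append(Finding("service_image_recent", name, f"{img} created {created[img]}"))
                break
    for size, names in by_size.items():
        if len(names) >= 3:  # one payload dropped under several names
            findings.append(Finding("same_size_cluster", str(size), ", ".join(sorted(names))))
    for folder, n in startup_dirs.items():
        if n >= 3:
            findings.append(Finding("startup_folder_spray", folder, f"{n} executables"))
    return findings


def subjects(findings, rule):
    """Subjects of all findings for one rule, in log order."""
    return [f.subject for f in findings if f.rule == rule]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.subject}  ({f.context})")
```

The same-size rule is what ties nadool.exe, sakouvoo.exe, foofowi.exe, vouhyg.exe and coucykerou.exe together as one 229888-byte payload dropped under five names, which is also why the helper's script later lists them together. Treat the `[?]` rule as "verify", not "malicious": in the full log it would also fire on the leftover Windows Live Family Safety service (fsssvc), which is simply uninstalled.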


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

Once the download has finished:
disable your protective software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
  click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
  be sure to accept by clicking Yes and follow the procedure through.
ask a number of questions / show a number of notifications:
  accept by clicking Yes or OK.
restart Windows if needed (possibly more than once);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to your post.

offline
  • Joined: 15 Jan 2011
  • Posts: 4
  • Location: Bijeljina

Sorry for the delay; it wouldn't start in normal mode (I left it for an hour, but it couldn't start), so I ran it from Safe Mode. I hope I didn't make a mistake. Here's the log.

ComboFix 11-01-22.01 - User 22.01.2011 21:27:23.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.767.623 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\juzjf.exe
c:\documents and settings\User\Application Data\nsvb.exe
c:\documents and settings\User\Local Settings\Application Data\3098567375.dll
c:\documents and settings\User\Local Settings\Application Data\av.exe
c:\documents and settings\User\Local Settings\Application Data\ave.exe
c:\documents and settings\User\oionrul.exe
c:\documents and settings\User\rjs.exe
c:\documents and settings\User\secupdat.dat
c:\recycler\S-1-5-21-3452635147-3726938487-066082052-3088\yv8g67.exe
c:\windows\system32\Drivers\byocclmt.sys
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_byocclmt
-------\Service_byocclmt


((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
.

2011-01-22 11:29 . 2011-01-22 11:29 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB.tmp
2011-01-22 10:55 . 2011-01-22 11:33 229888 ----a-w- c:\windows\system32\sakouvoo.exe
2011-01-22 10:50 . 2011-01-22 10:50 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc22.tmp
2011-01-22 10:40 . 2011-01-22 10:41 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlc1B.tmp
2011-01-19 11:37 . 2011-01-22 20:35 739840 ----a-w- c:\windows\system32\drivers\boxtcblcx.sys
2011-01-12 16:15 . 2011-01-22 16:04 229888 ----a-w- c:\windows\system32\foofowi.exe
2011-01-11 21:30 . 2011-01-22 12:51 229888 ----a-w- c:\windows\system32\vouhyg.exe
2011-01-10 21:25 . 2011-01-22 11:33 229888 ----a-w- c:\windows\system32\coucykerou.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-23 3756032]
"nwiz"="nwiz.exe" [2004-04-23 831488]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-04-23 46080]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"baressut"="c:\windows\system32\foofowi.exe" [2011-01-22 229888]
"vageg"="c:\windows\system32\coucykerou.exe" [2011-01-22 229888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\User\Start Menu\Programs\Startup\
00zbyud.exe [2011-1-21 42496]
01niqlr.exe [2011-1-21 42496]
0rtqspr.exe [2011-1-20 43008]
1brgynl.exe [2011-1-20 43008]
1lgywtl.exe [2011-1-20 43008]
1rluoxr.exe [2011-1-13 43008]
1rtwcjn.exe [2011-1-12 43008]
1zasbvd.exe [2011-1-13 43008]
55iajdm.exe [2011-1-22 42496]
56cnxit.exe [2011-1-22 43008]
5gqbmgz.exe [2011-1-20 43008]
5qurtqs.exe [2011-1-11 42496]
5sedlgy.exe [2011-1-21 43008]
6ebdacz.exe [2011-1-17 42496]
aidz001hui.exe [2011-1-19 42496]
arbm01xlao.exe [2011-1-12 42496]
auwzq00vr.exe [2011-1-12 43008]
bbicrzt0.exe [2011-1-22 43008]
bjycc55uq.exe [2011-1-12 43008]
bvksnly00.exe [2011-1-22 42496]
c55swvzjokt.exe [2011-1-12 42496]
canrlkm55.exe [2011-1-12 42496]
dlwmpl00.exe [2011-1-22 43008]
ed56ebdaczb.exe [2011-1-17 43008]
egjfmc55.exe [2011-1-22 43008]
fxluixhg.exe [2011-1-21 43008]
fziclfoi.exe [2011-1-22 43008]
g01nsktnwqy.exe [2011-1-18 43008]
gopvgkhj.exe [2011-1-22 42496]
grbmwhs0.exe [2011-1-22 42496]
hof56izfio.exe [2011-1-19 42496]
hpmojxga.exe [2011-1-12 43008]
ht01tnwutpi.exe [2011-1-19 43008]
idfcud56s.exe [2011-1-19 43008]
igbn001xg.exe [2011-1-21 43008]
irpiabr0.exe [2011-1-22 43008]
je01fzowtzo.exe [2011-1-21 42496]
k556sldrakp.exe [2011-1-21 43008]
khj00flcqz.exe [2011-1-18 43008]
kntuqjju.exe [2011-1-21 42496]
le01zkufpal.exe [2011-1-12 43008]
lgo55uubby.exe [2011-1-19 42496]
lpq01pysav.exe [2011-1-18 43008]
m56ilhemavl.exe [2011-1-20 42496]
midfcud5.exe [2011-1-19 43008]
milhkgj5.exe [2011-1-20 42496]
mntykhlq.exe [2011-1-21 43008]
npsp56gtrz.exe [2011-1-15 43008]
nuixhg01n.exe [2011-1-21 42496]
nwqy55wezh.exe [2011-1-18 42496]
o55qmpvwyvx.exe [2011-1-22 43008]
p001dxgupre.exe [2011-1-18 43008]
pbgaj56wkt.exe [2011-1-12 43008]
peolh001v.exe [2011-1-22 42496]
qaflscgd.exe [2011-1-22 43008]
rawtlkg5.exe [2011-1-20 42496]
ruqt5sorlq.exe [2011-1-13 42496]
rzu01daczlf.exe [2011-1-21 43008]
surtqs55o.exe [2011-1-13 42496]
toi56uohve.exe [2011-1-15 42496]
tuimtaog.exe [2011-1-19 43008]
u0npsurtqs5.exe [2011-1-12 42496]
viyhs00jr.exe [2011-1-21 43008]
vokd56oirl.exe [2011-1-20 43008]
voo55owtle.exe [2011-1-19 43008]
vqsvruqt.exe [2011-1-13 43008]
wezh001rcm.exe [2011-1-22 43008]
whr00jxwoh.exe [2011-1-14 42496]
wo55audxgai.exe [2011-1-17 43008]
wsbl00flcq.exe [2011-1-18 42496]
wxd001bpye.exe [2011-1-14 43008]
x56yvxuwtvs.exe [2011-1-11 43008]
xaqblwg5.exe [2011-1-13 43008]
xrzuc556w.exe [2011-1-11 43008]
y01lpmolnog.exe [2011-1-15 43008]
ybn00vbwof.exe [2011-1-14 43008]
yirtqgbh.exe [2011-1-21 43008]
ynp00fbead.exe [2011-1-20 43008]
zfaiifh0.exe [2011-1-19 43008]
zhgi56uoh.exe [2011-1-15 43008]
zt01pembrqm.exe [2011-1-22 43008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2008-8-9 614400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Multimedia keyboard driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Multimedia keyboard driver.lnk
backup=c:\windows\pss\Multimedia keyboard driver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^5knns01.exe]
path=c:\documents and settings\User\Start Menu\Programs\Startup\5knns01.exe
backup=c:\windows\pss\5knns01.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^ebtedm03.exe]
path=c:\documents and settings\User\Start Menu\Programs\Startup\ebtedm03.exe
backup=c:\windows\pss\ebtedm03.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^euz5mcratj.exe]
path=c:\documents and settings\User\Start Menu\Programs\Startup\euz5mcratj.exe
backup=c:\windows\pss\euz5mcratj.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\User\rjs.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\baressut]
2011-01-22 12:51 229888 ----a-w- c:\windows\system32\vouhyg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Barsaka]
2008-04-14 03:42 1033728 ----a-w- c:\windows\explorer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-22 23:45 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vageg]
2011-01-22 12:51 229888 ----a-w- c:\windows\system32\coucykerou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S0 tklpi;tklpi;c:\windows\system32\drivers\ejdjisu.sys --> c:\windows\system32\drivers\ejdjisu.sys [?]
S2 q5ymg2u2;Ati HotKey Poller;c:\windows\system32\nadool.exe --> c:\windows\system32\nadool.exe [?]
S2 tekuaeelug;BsHelpCS;c:\windows\system32\sakouvoo.exe [22.1.2011 11:55 229888]
S3 gkmixern;gkmixern;\??\c:\docume~1\User\LOCALS~1\Temp\gkmixern.sys --> c:\docume~1\User\LOCALS~1\Temp\gkmixern.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - boxtcblcx
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2124320
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKman000&fl=0&ptb=.IyBejtO0LB4z.acBoa1EQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\hngiuscv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2321365&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZaMRadio Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-byocclmt.sys
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL
MSConfigStartUp-WinampAgent - c:\documents and settings\User\My Documents\Natasa\IGRICE\Winamp\winampa.exe
AddRemove-HijackThis - c:\program files\Trend Micro\lala\HijackThis.exe
AddRemove-Tarzan Action Game - c:\progra~1\DISNEY~1\TARZAN~1\DeIsL1.isu
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-01-22 21:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\boxtcblcx]

.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-01-22 21:40:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-22 20:40

Pre-Run: 12.058.583.040 bytes free
Post-Run: 12.269.379.584 bytes free

- - End Of File - - C9ACF800F25C392C1D3C58FFB7492C8C

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

KillAll::

File::
c:\program files\Common Files\Windows Live\.cache\wlcB.tmp
c:\windows\system32\sakouvoo.exe
c:\program files\Common Files\Windows Live\.cache\wlc22.tmp
c:\program files\Common Files\Windows Live\.cache\wlc1B.tmp
c:\windows\system32\drivers\boxtcblcx.sys
c:\windows\system32\foofowi.exe
c:\windows\system32\vouhyg.exe
c:\windows\system32\coucykerou.exe
c:\documents and settings\User\Start Menu\Programs\Startup\00zbyud.exe
c:\documents and settings\User\Start Menu\Programs\Startup\01niqlr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\0rtqspr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1brgynl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1lgywtl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1rluoxr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1rtwcjn.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1zasbvd.exe
c:\documents and settings\User\Start Menu\Programs\Startup\55iajdm.exe
c:\documents and settings\User\Start Menu\Programs\Startup\56cnxit.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5gqbmgz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5qurtqs.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5sedlgy.exe
c:\documents and settings\User\Start Menu\Programs\Startup\6ebdacz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\aidz001hui.exe
c:\documents and settings\User\Start Menu\Programs\Startup\arbm01xlao.exe
c:\documents and settings\User\Start Menu\Programs\Startup\auwzq00vr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\bbicrzt0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\bjycc55uq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\bvksnly00.exe
c:\documents and settings\User\Start Menu\Programs\Startup\c55swvzjokt.exe
c:\documents and settings\User\Start Menu\Programs\Startup\canrlkm55.exe
c:\documents and settings\User\Start Menu\Programs\Startup\dlwmpl00.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ed56ebdaczb.exe
c:\documents and settings\User\Start Menu\Programs\Startup\egjfmc55.exe
c:\documents and settings\User\Start Menu\Programs\Startup\fxluixhg.exe
c:\documents and settings\User\Start Menu\Programs\Startup\fziclfoi.exe
c:\documents and settings\User\Start Menu\Programs\Startup\g01nsktnwqy.exe
c:\documents and settings\User\Start Menu\Programs\Startup\gopvgkhj.exe
c:\documents and settings\User\Start Menu\Programs\Startup\grbmwhs0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\hof56izfio.exe
c:\documents and settings\User\Start Menu\Programs\Startup\hpmojxga.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ht01tnwutpi.exe
c:\documents and settings\User\Start Menu\Programs\Startup\idfcud56s.exe
c:\documents and settings\User\Start Menu\Programs\Startup\igbn001xg.exe
c:\documents and settings\User\Start Menu\Programs\Startup\irpiabr0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\je01fzowtzo.exe
c:\documents and settings\User\Start Menu\Programs\Startup\k556sldrakp.exe
c:\documents and settings\User\Start Menu\Programs\Startup\khj00flcqz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\kntuqjju.exe
c:\documents and settings\User\Start Menu\Programs\Startup\le01zkufpal.exe
c:\documents and settings\User\Start Menu\Programs\Startup\lgo55uubby.exe
c:\documents and settings\User\Start Menu\Programs\Startup\lpq01pysav.exe
c:\documents and settings\User\Start Menu\Programs\Startup\m56ilhemavl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\midfcud5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\milhkgj5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\mntykhlq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\npsp56gtrz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\nuixhg01n.exe
c:\documents and settings\User\Start Menu\Programs\Startup\nwqy55wezh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\o55qmpvwyvx.exe
c:\documents and settings\User\Start Menu\Programs\Startup\p001dxgupre.exe
c:\documents and settings\User\Start Menu\Programs\Startup\pbgaj56wkt.exe
c:\documents and settings\User\Start Menu\Programs\Startup\peolh001v.exe
c:\documents and settings\User\Start Menu\Programs\Startup\qaflscgd.exe
c:\documents and settings\User\Start Menu\Programs\Startup\rawtlkg5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ruqt5sorlq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\rzu01daczlf.exe
c:\documents and settings\User\Start Menu\Programs\Startup\surtqs55o.exe
c:\documents and settings\User\Start Menu\Programs\Startup\toi56uohve.exe
c:\documents and settings\User\Start Menu\Programs\Startup\tuimtaog.exe
c:\documents and settings\User\Start Menu\Programs\Startup\u0npsurtqs5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\viyhs00jr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\vokd56oirl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\voo55owtle.exe
c:\documents and settings\User\Start Menu\Programs\Startup\vqsvruqt.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wezh001rcm.exe
c:\documents and settings\User\Start Menu\Programs\Startup\whr00jxwoh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wo55audxgai.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wsbl00flcq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wxd001bpye.exe
c:\documents and settings\User\Start Menu\Programs\Startup\x56yvxuwtvs.exe
c:\documents and settings\User\Start Menu\Programs\Startup\xaqblwg5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\xrzuc556w.exe
c:\documents and settings\User\Start Menu\Programs\Startup\y01lpmolnog.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ybn00vbwof.exe
c:\documents and settings\User\Start Menu\Programs\Startup\yirtqgbh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ynp00fbead.exe
c:\documents and settings\User\Start Menu\Programs\Startup\zfaiifh0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\zhgi56uoh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\zt01pembrqm.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5knns01.exe
c:\windows\pss\5knns01.exeStartup
c:\documents and settings\User\Start Menu\Programs\Startup\ebtedm03.exe
c:\windows\pss\ebtedm03.exeStartup
c:\documents and settings\User\Start Menu\Programs\Startup\euz5mcratj.exe
c:\windows\pss\euz5mcratj.exeStartup
c:\documents and settings\User\rjs.exe
c:\windows\system32\drivers\ejdjisu.sys
c:\windows\system32\nadool.exe
c:\docume~1\User\LOCALS~1\Temp\gkmixern.sys


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baressut"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vageg"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^5knns01.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^ebtedm03.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^euz5mcratj.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\baressut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Barsaka]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vageg]



Driver::
tklpi
q5ymg2u2
tekuaeelug
gkmixern


DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKman000&fl=0&ptb=.IyBejtO0LB4z.acBoa1EQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}



Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

  • Joined: 15 Jan 2011
  • Posts: 4
  • Location: Bijeljina

Here is the log:

ComboFix 11-01-22.01 - User 23.01.2011 0:09.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.767.536 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

FILE ::
"c:\docume~1\User\LOCALS~1\Temp\gkmixern.sys"
"c:\documents and settings\User\rjs.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\00zbyud.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\01niqlr.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\0rtqspr.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\1brgynl.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\1lgywtl.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\1rluoxr.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\1rtwcjn.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\1zasbvd.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\55iajdm.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\56cnxit.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\5gqbmgz.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\5knns01.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\5qurtqs.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\5sedlgy.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\6ebdacz.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\aidz001hui.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\arbm01xlao.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\auwzq00vr.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\bbicrzt0.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\bjycc55uq.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\bvksnly00.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\c55swvzjokt.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\canrlkm55.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\dlwmpl00.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\ebtedm03.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\ed56ebdaczb.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\egjfmc55.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\euz5mcratj.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\fxluixhg.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\fziclfoi.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\g01nsktnwqy.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\gopvgkhj.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\grbmwhs0.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\hof56izfio.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\hpmojxga.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\ht01tnwutpi.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\idfcud56s.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\igbn001xg.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\irpiabr0.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\je01fzowtzo.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\k556sldrakp.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\khj00flcqz.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\kntuqjju.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\le01zkufpal.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\lgo55uubby.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\lpq01pysav.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\m56ilhemavl.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\midfcud5.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\milhkgj5.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\mntykhlq.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\npsp56gtrz.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\nuixhg01n.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\nwqy55wezh.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\o55qmpvwyvx.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\p001dxgupre.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\pbgaj56wkt.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\peolh001v.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\qaflscgd.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\rawtlkg5.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\ruqt5sorlq.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\rzu01daczlf.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\surtqs55o.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\toi56uohve.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\tuimtaog.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\u0npsurtqs5.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\viyhs00jr.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\vokd56oirl.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\voo55owtle.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\vqsvruqt.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\wezh001rcm.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\whr00jxwoh.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\wo55audxgai.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\wsbl00flcq.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\wxd001bpye.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\x56yvxuwtvs.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\xaqblwg5.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\xrzuc556w.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\y01lpmolnog.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\ybn00vbwof.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\yirtqgbh.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\ynp00fbead.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\zfaiifh0.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\zhgi56uoh.exe"
"c:\documents and settings\User\Start Menu\Programs\Startup\zt01pembrqm.exe"
"c:\program files\Common Files\Windows Live\.cache\wlc1B.tmp"
"c:\program files\Common Files\Windows Live\.cache\wlc22.tmp"
"c:\program files\Common Files\Windows Live\.cache\wlcB.tmp"
"c:\windows\pss\5knns01.exeStartup"
"c:\windows\pss\ebtedm03.exeStartup"
"c:\windows\pss\euz5mcratj.exeStartup"
"c:\windows\system32\coucykerou.exe"
"c:\windows\system32\drivers\boxtcblcx.sys"
"c:\windows\system32\drivers\ejdjisu.sys"
"c:\windows\system32\foofowi.exe"
"c:\windows\system32\nadool.exe"
"c:\windows\system32\sakouvoo.exe"
"c:\windows\system32\vouhyg.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Start Menu\Programs\Startup\00zbyud.exe
c:\documents and settings\User\Start Menu\Programs\Startup\01niqlr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\0rtqspr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1brgynl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1lgywtl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1rluoxr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1rtwcjn.exe
c:\documents and settings\User\Start Menu\Programs\Startup\1zasbvd.exe
c:\documents and settings\User\Start Menu\Programs\Startup\55iajdm.exe
c:\documents and settings\User\Start Menu\Programs\Startup\56cnxit.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5gqbmgz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5qurtqs.exe
c:\documents and settings\User\Start Menu\Programs\Startup\5sedlgy.exe
c:\documents and settings\User\Start Menu\Programs\Startup\6ebdacz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\aidz001hui.exe
c:\documents and settings\User\Start Menu\Programs\Startup\arbm01xlao.exe
c:\documents and settings\User\Start Menu\Programs\Startup\auwzq00vr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\bbicrzt0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\bjycc55uq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\bvksnly00.exe
c:\documents and settings\User\Start Menu\Programs\Startup\c55swvzjokt.exe
c:\documents and settings\User\Start Menu\Programs\Startup\canrlkm55.exe
c:\documents and settings\User\Start Menu\Programs\Startup\dlwmpl00.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ed56ebdaczb.exe
c:\documents and settings\User\Start Menu\Programs\Startup\egjfmc55.exe
c:\documents and settings\User\Start Menu\Programs\Startup\fxluixhg.exe
c:\documents and settings\User\Start Menu\Programs\Startup\fziclfoi.exe
c:\documents and settings\User\Start Menu\Programs\Startup\g01nsktnwqy.exe
c:\documents and settings\User\Start Menu\Programs\Startup\gopvgkhj.exe
c:\documents and settings\User\Start Menu\Programs\Startup\grbmwhs0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\hof56izfio.exe
c:\documents and settings\User\Start Menu\Programs\Startup\hpmojxga.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ht01tnwutpi.exe
c:\documents and settings\User\Start Menu\Programs\Startup\idfcud56s.exe
c:\documents and settings\User\Start Menu\Programs\Startup\igbn001xg.exe
c:\documents and settings\User\Start Menu\Programs\Startup\irpiabr0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\je01fzowtzo.exe
c:\documents and settings\User\Start Menu\Programs\Startup\k556sldrakp.exe
c:\documents and settings\User\Start Menu\Programs\Startup\khj00flcqz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\kntuqjju.exe
c:\documents and settings\User\Start Menu\Programs\Startup\le01zkufpal.exe
c:\documents and settings\User\Start Menu\Programs\Startup\lgo55uubby.exe
c:\documents and settings\User\Start Menu\Programs\Startup\lpq01pysav.exe
c:\documents and settings\User\Start Menu\Programs\Startup\m56ilhemavl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\midfcud5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\milhkgj5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\mntykhlq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\npsp56gtrz.exe
c:\documents and settings\User\Start Menu\Programs\Startup\nuixhg01n.exe
c:\documents and settings\User\Start Menu\Programs\Startup\nwqy55wezh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\o55qmpvwyvx.exe
c:\documents and settings\User\Start Menu\Programs\Startup\p001dxgupre.exe
c:\documents and settings\User\Start Menu\Programs\Startup\pbgaj56wkt.exe
c:\documents and settings\User\Start Menu\Programs\Startup\peolh001v.exe
c:\documents and settings\User\Start Menu\Programs\Startup\qaflscgd.exe
c:\documents and settings\User\Start Menu\Programs\Startup\rawtlkg5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ruqt5sorlq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\rzu01daczlf.exe
c:\documents and settings\User\Start Menu\Programs\Startup\surtqs55o.exe
c:\documents and settings\User\Start Menu\Programs\Startup\toi56uohve.exe
c:\documents and settings\User\Start Menu\Programs\Startup\tuimtaog.exe
c:\documents and settings\User\Start Menu\Programs\Startup\u0npsurtqs5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\viyhs00jr.exe
c:\documents and settings\User\Start Menu\Programs\Startup\vokd56oirl.exe
c:\documents and settings\User\Start Menu\Programs\Startup\voo55owtle.exe
c:\documents and settings\User\Start Menu\Programs\Startup\vqsvruqt.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wezh001rcm.exe
c:\documents and settings\User\Start Menu\Programs\Startup\whr00jxwoh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wo55audxgai.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wsbl00flcq.exe
c:\documents and settings\User\Start Menu\Programs\Startup\wxd001bpye.exe
c:\documents and settings\User\Start Menu\Programs\Startup\x56yvxuwtvs.exe
c:\documents and settings\User\Start Menu\Programs\Startup\xaqblwg5.exe
c:\documents and settings\User\Start Menu\Programs\Startup\xrzuc556w.exe
c:\documents and settings\User\Start Menu\Programs\Startup\y01lpmolnog.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ybn00vbwof.exe
c:\documents and settings\User\Start Menu\Programs\Startup\yirtqgbh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\ynp00fbead.exe
c:\documents and settings\User\Start Menu\Programs\Startup\zfaiifh0.exe
c:\documents and settings\User\Start Menu\Programs\Startup\zhgi56uoh.exe
c:\documents and settings\User\Start Menu\Programs\Startup\zt01pembrqm.exe
c:\program files\Common Files\Windows Live\.cache\wlc1B.tmp
c:\program files\Common Files\Windows Live\.cache\wlc22.tmp
c:\program files\Common Files\Windows Live\.cache\wlcB.tmp
c:\windows\pss\5knns01.exeStartup
c:\windows\pss\ebtedm03.exeStartup
c:\windows\pss\euz5mcratj.exeStartup
c:\windows\system32\coucykerou.exe
c:\windows\system32\drivers\boxtcblcx.sys
c:\windows\system32\foofowi.exe
c:\windows\system32\sakouvoo.exe
c:\windows\system32\vouhyg.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Q5YMG2U2
-------\Legacy_TEKUAEELUG
-------\Service_gkmixern
-------\Service_q5ymg2u2
-------\Service_tekuaeelug
-------\Service_tklpi
-------\Legacy_boxtcblcx
-------\Service_boxtcblcx


((((((((((((((((((((((((( Files Created from 2010-12-22 to 2011-01-22 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-23 3756032]
"nwiz"="nwiz.exe" [2004-04-23 831488]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-04-23 46080]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2008-8-9 614400]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Multimedia keyboard driver.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Multimedia keyboard driver.lnk
backup=c:\windows\pss\Multimedia keyboard driver.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-22 23:45 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2124320
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKman000&fl=0&ptb=.IyBejtO0LB4z.acBoa1EQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {2B0F3E87-2761-4409-B3CE-EE706ABD059C} = 79.143.173.161 79.143.172.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\hngiuscv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2321365&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZaMRadio Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-01-23 00:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2011-01-23 00:20:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-22 23:20
ComboFix2.txt 2011-01-22 20:40

Pre-Run: 12.250.066.944 bytes free
Post-Run: 11.952.062.464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - A574DFD02C004E59E097DACE3E833B4C

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices one after another into the USB slot and leave each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the option Save scrambled log. That will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that get their own drive letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
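As an added example (not part of the original thread and not USBNoRisk's own code), here is a small Python check of the two things the tool reports per drive in the log posted later in this thread: an autorun.inf that launches a file despite being padded with junk comment lines, and a Desktop.ini that disguises a folder with the Recycle Bin CLSID. The sample inputs are constructed from that log and the helper names are my own.

```python
"""Added example, not part of the original thread or of USBNoRisk itself.

It mirrors two checks that USBNoRisk reports for a removable drive:
an autorun.inf that launches a file (even when padded with junk comment
lines), and a Desktop.ini that disguises a folder with the Recycle Bin CLSID.
"""
import re

# Constructed sample: the obfuscated autorun.inf reported on drive E: in this thread.
SAMPLE_AUTORUN = r"""
;7V486579t6M16
[autorun]
;dK525J486S4Z72T1
open=yam.exe
;Dw8\8[U5Vi5PY\=x2541x72wz13v[6N[4L=r\tv268Yf
icon=%SystemRoot%\System32\SHELL32.dll,4
;Dq9n32nX04hM8xkL934TNb222j7%a587EGIdr%WNc15c
shell\\open\\command=yam.exe
shell\\explore\\command=yam.exe
useautoplay=1
:GOTO NUL
"""

# Constructed sample: the Desktop.ini reported under E:\SANJA\ in this thread.
SAMPLE_DESKTOP_INI = """[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
"""

# Explorer shows a folder carrying this CLSID as the Recycle Bin, hiding its real contents.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"

# autorun.inf keys whose value is a file to run; shell\<verb>\command keys are matched by regex.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\+\w+\\+command$")


def parse_ini_section(text, section):
    """Return {lowercased key: value} for one INI section.

    Lines starting with ';' (comments) or ':' (batch-style junk such as
    ':GOTO NUL') are skipped, so the obfuscation padding has no effect.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";:":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == section.lower()
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def referenced_executables(entries):
    """Files an autorun.inf would launch via open=, shellexecute= or shell\\<verb>\\command=."""
    found = []
    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_CMD_RE.match(key):
            target = value.split()[0].strip('"') if value else ""
            if target and target not in found:
                found.append(target)
    return found


def assess_drive(autorun_text, desktop_inis):
    """Summarise findings for one drive; desktop_inis maps folder -> Desktop.ini text."""
    findings = []
    entries = parse_ini_section(autorun_text, "autorun") if autorun_text else {}
    for exe in referenced_executables(entries):
        findings.append(f"autorun.inf launches {exe}")
    if entries.get("useautoplay") == "1":
        findings.append("autorun.inf forces AutoPlay")
    for folder, ini in desktop_inis.items():
        clsid = parse_ini_section(ini, ".ShellClassInfo").get("clsid", "").upper()
        if clsid == RECYCLE_BIN_CLSID:
            findings.append(f"{folder} is disguised as the Recycle Bin")
    return findings


if __name__ == "__main__":
    for finding in assess_drive(SAMPLE_AUTORUN, {r"E:\SANJA": SAMPLE_DESKTOP_INI}):
        print(finding)
```

On the sample drive this reports the same three facts the tool's log does: yam.exe is launched, AutoPlay is forced, and the SANJA folder masquerades as the Recycle Bin.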

  • Joined: 15 Jan 2011
  • Posts: 4
  • Location: Bijeljina

First I inserted the USB flash drive, and after it the mp3 player.

USBNoRisk 2.7 (28 December 2010) by bobby

Started at 23.1.2011 12:11:37

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {93d926e0-7433-11d9-9366-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 93d926e0-7433-11d9-9366-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 23.1.2011 12:11:50

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 23.1.2011 12:12:13

Scanning for connected USB mass storage...
----------------------------------------
E: {6deaafc0-d74c-11dc-bcf4-000fea73f7d5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
autorun.inf found on E:
----------------------------------------
File E:\autorun.inf renamed successfully

Content of E:\autorun.inf.blocked
----------------------------------------
;7V486579t6M16
[autorun]
;dK525J486S4Z72T1
open=yam.exe
;Dw8\8[U5Vi5PY\=x2541x72wz13v[6N[4L=r\tv268Yf
icon=%SystemRoot%\System32\SHELL32.dll,4
;Dq9n32nX04hM8xkL934TNb222j7%a587EGIdr%WNc15c
;eMKai77jO6hsG6bq02e41s3P5Q7ClP5v
shell\\open\\command=yam.exe
;2c6634y9732I230f36114IJE6fX73fRl
;GoU3k11570585]K5K3F5O8s7\81mm78BPEv]S
shell\\explore\\command=yam.exe
;Wd21ur5ruL23[O24564=4D7V486579t6M16dK
;525J486S4Z72T1H1L47
useautoplay=1
;E23q40JUC43Dw8\8[U5
;Vi5PY\=x2541x72
:GOTO NUL
;wz13v[6N[4L=r\tv2
----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
E:\yam.exe -r-hs 113152
----------------------------------------

No mountpoint found for 6deaafc0-d74c-11dc-bcf4-000fea73f7d5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\SANJA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at E:\NATASA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive E:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive E:
========================================

========================================
Removed E:
========================================


New device connected at 23.1.2011 12:12:54

Scanning for connected USB mass storage...
----------------------------------------
E: {f4d4c580-9d50-11de-821c-000fea73f7d5}
Added E:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on E:
----------------------------------------
autorun.inf found on E:
----------------------------------------
File E:\autorun.inf renamed successfully

Content of E:\autorun.inf.blocked
----------------------------------------
;7V486579t6M16
[autorun]
;dK525J486S4Z72T1
open=yam.exe
;Dw8\8[U5Vi5PY\=x2541x72wz13v[6N[4L=r\tv268Yf
icon=%SystemRoot%\System32\SHELL32.dll,4
;Dq9n32nX04hM8xkL934TNb222j7%a587EGIdr%WNc15c
;eMKai77jO6hsG6bq02e41s3P5Q7ClP5v
shell\\open\\command=yam.exe
;2c6634y9732I230f36114IJE6fX73fRl
;GoU3k11570585]K5K3F5O8s7\81mm78BPEv]S
shell\\explore\\command=yam.exe
;Wd21ur5ruL23[O24564=4D7V486579t6M16dK
;525J486S4Z72T1H1L47
useautoplay=1
;E23q40JUC43Dw8\8[U5
;Vi5PY\=x2541x72
:GOTO NUL
;wz13v[6N[4L=r\tv2
----------------------------------------

Files referenced from E:\autorun.inf.blocked
----------------------------------------
E:\yam.exe -r-hs 113152
----------------------------------------

No mountpoint found for f4d4c580-9d50-11de-821c-000fea73f7d5
----------------------------------------

----------------------------------------
Desktop.ini found at E:\NATASA\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------

No mimics found on drive E:
----------------------------------------

No .lnk/.pif/.com/.scr files found on drive E:
========================================

========================================
Removed E:
========================================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download the following program and completely uninstall the Norton that is on your system: ftp://ftp.symantec.com/public/english_us_canada/re.....l_Tool.exe

Then install an antivirus.
