  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:24 PM, on 6/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\WLAN\ACU.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jasko\Desktop\ccc\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.freeze.com/?AcquisitionID=2b836f71-4788-.....=&ipc=
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ACU] "C:\Program Files\WLAN\ACU.exe" -nogui
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [w3dr.exe] D:\Program files\Warcraft III\w3dr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: WLAN Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Seekeen Service - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\Seekeen\seekeen140.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6455 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix to the Desktop from one of the following addresses:

Bleeping Computer . . . . . Geeks to Go!

Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
close any running programs;
disable your security software (instructions);
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
when finished, open Notepad with the scan report.

Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message.

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

ComboFix 09-06-26.02 - Jasko 06/27/2009 15:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.178 [GMT 2:00]
Running from: c:\documents and settings\Jasko\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jasmin\Favorites\Download programs.url
c:\documents and settings\Jasmin\Favorites\Translator.url
c:\documents and settings\Jasmin\Favorites\Videos.url
c:\documents and settings\Jasmin\Start Menu\Programs\Download programs.url
c:\documents and settings\Jasmin\Start Menu\Programs\Games.url
c:\documents and settings\Jasmin\Start Menu\Programs\Translator.url
c:\documents and settings\Jasmin\Start Menu\Programs\Videos.url

.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-22 21:19 . 2009-06-22 21:19 -------- d-----w- c:\documents and settings\Jasko\Local Settings\Application Data\Yahoo
2009-06-22 21:17 . 2009-06-22 21:17 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Yahoo!
2009-06-22 21:13 . 2009-06-27 12:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-06-22 21:13 . 2009-06-27 12:39 -------- d-----w- c:\program files\Yahoo!
2009-06-22 18:50 . 2009-06-22 18:51 -------- d-----w- c:\program files\aMSN
2009-06-17 14:50 . 2009-06-17 14:50 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Search Settings
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\POP3Profiles
2009-06-17 14:21 . 2009-06-17 14:21 -------- d-----w- c:\program files\Search Settings
2009-06-17 14:20 . 2005-03-11 16:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-06-17 14:20 . 2005-02-24 11:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-06-17 14:20 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-06-17 14:20 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-17 14:20 . 1998-07-12 20:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-06-17 14:20 . 2000-10-01 16:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-06-17 14:20 . 1999-03-25 16:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-17 14:20 . 1998-07-12 20:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-06-17 14:20 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-17 14:20 . 1998-07-12 16:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-06-17 14:20 . 2009-06-17 18:52 -------- d-----w- c:\program files\Free Easy Burner
2009-06-17 10:15 . 2009-06-17 10:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\program files\Warcraft III
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\windows\Eurobattle.net
2009-06-13 17:13 . 2009-06-13 17:13 -------- d-----w- c:\program files\Puff_Bomb
2009-06-13 16:50 . 2009-06-13 16:50 -------- d-----w- c:\program files\Digital Tome
2009-06-13 16:36 . 1998-01-01 01:01 284160 ----a-w- c:\windows\uninst.exe
2009-06-13 16:36 . 2009-06-13 16:36 -------- d-----w- c:\documents and settings\Jasko\WINDOWS
2009-06-10 21:34 . 2009-06-10 21:34 -------- d-----w- c:\program files\mIRC
2009-05-28 20:53 . 2009-05-28 23:39 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\TeamViewer
2009-05-28 20:53 . 2009-05-28 20:53 -------- d-----w- c:\program files\TeamViewer
2009-05-28 20:52 . 2009-05-28 20:52 -------- d-----w- c:\documents and settings\Jasko\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 13:32 . 2009-01-14 00:56 22997024 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-27 13:25 . 2009-02-03 06:49 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\DNA
2009-06-27 12:45 . 2008-06-18 01:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 12:45 . 2009-02-13 04:10 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-27 12:43 . 2009-01-13 20:38 -------- d-----w- c:\program files\WLAN
2009-06-27 12:43 . 2009-04-17 08:28 -------- d-----w- c:\program files\Dernek.ba
2009-06-27 11:15 . 2009-02-03 06:49 -------- d-----w- c:\program files\DNA
2009-06-26 23:18 . 2009-01-14 00:56 269744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-18 20:47 . 2009-02-07 09:05 -------- d-----w- c:\program files\Garena
2009-06-14 17:47 . 2009-02-07 08:50 98179 ----a-w- c:\windows\War3Unin.dat
2009-06-10 21:44 . 2009-01-13 08:51 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\mIRC
2009-06-09 10:13 . 2009-03-24 07:32 4595005 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-29 11:20 . 2009-01-13 05:54 45280 ----a-w- c:\documents and settings\Jasko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 19:06 . 2009-01-13 06:15 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-25 23:09 . 2009-05-25 22:51 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Likno
2009-05-25 08:48 . 2009-05-25 08:48 -------- d-----w- c:\program files\vSoft
2009-05-25 08:31 . 2009-05-25 07:47 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\BitTorrent
2009-05-25 07:47 . 2009-05-25 07:46 -------- d-----w- c:\program files\BitTorrent
2009-05-25 07:27 . 2009-05-25 07:27 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-05-03 17:01 . 2009-05-03 17:01 -------- d-----w- c:\program files\Skylive-NG
2009-04-28 18:26 . 2009-04-28 18:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-04-28 16:38 . 2009-04-28 16:36 -------- d-----w- c:\program files\AVS4YOU
2009-04-28 16:38 . 2009-04-28 16:37 -------- d-----w- c:\program files\Common Files\AVSMedia
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ACU"="c:\program files\WLAN\ACU.exe" [2006-01-06 303104]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"w3dr.exe"="d:\program files\Warcraft III\w3dr.exe" [2008-08-03 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2006-2-11 1359872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8240:TCP"= 8240:TCP:akwedamp

S2 jayjknxkz;System Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 pyfdi;Config Shell;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
S2 Seekeen Service;Seekeen Service;"c:\documents and settings\All Users.WINDOWS\Application Data\Seekeen\seekeen140.exe" "c:\program files\Seekeen\seekeen.dll" Service --> c:\documents and settings\All Users.WINDOWS\Application Data\Seekeen\seekeen140.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jayjknxkz
pyfdi
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 14:09]

2009-01-15 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-01-15 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=2b836f71-4788-40d5-b670-88b46f6ab1d1&s=&ipc=
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Jasko\APPLIC~1\Mozilla\Firefox\Profiles\2y28v3nh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-27 15:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jayjknxkz]
"ServiceDll"="c:\windows\system32\huhorw.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pyfdi]
"ServiceDll"="c:\windows\system32\huhorw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668-)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-27 15:33
ComboFix-quarantined-files.txt 2009-06-27 13:33

Pre-Run: 12,519,997,440 bytes free
Post-Run: 12,530,892,800 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jayjknxkz]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pyfdi]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8240:TCP"=-

DirLook::
c:\program files\Search Settings

File::
c:\windows\system32\huhorw.dll

Driver::
jayjknxkz
pyfdi
Seekeen Service

NetSvc::
jayjknxkz
pyfdi

Folder::
c:\documents and settings\All Users.WINDOWS\Application Data\Seekeen
c:\program files\Seekeen

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

ComboFix 09-06-26.02 - Jasko 06/27/2009 16:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.184 [GMT 2:00]
Running from: c:\documents and settings\Jasko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jasko\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\huhorw.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Seekeen
c:\program files\Seekeen
c:\program files\Seekeen\home.js
c:\program files\Seekeen\readme.html
c:\program files\Seekeen\seekeen.dll
c:\program files\Seekeen\uninstall.exe
c:\windows\system32\huhorw.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JAYJKNXKZ
-------\Legacy_PYFDI
-------\Legacy_SEEKEEN_SERVICE
-------\Service_jayjknxkz
-------\Service_pyfdi
-------\Service_Seekeen Service


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 13:32 . 2009-06-27 13:32 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 21:19 . 2009-06-22 21:19 -------- d-----w- c:\documents and settings\Jasko\Local Settings\Application Data\Yahoo
2009-06-22 21:17 . 2009-06-22 21:17 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Yahoo!
2009-06-22 21:13 . 2009-06-27 12:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-06-22 21:13 . 2009-06-27 12:39 -------- d-----w- c:\program files\Yahoo!
2009-06-22 18:50 . 2009-06-22 18:51 -------- d-----w- c:\program files\aMSN
2009-06-17 14:50 . 2009-06-17 14:50 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Search Settings
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\POP3Profiles
2009-06-17 14:21 . 2009-06-17 14:21 -------- d-----w- c:\program files\Search Settings
2009-06-17 14:20 . 2005-03-11 16:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-06-17 14:20 . 2005-02-24 11:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-06-17 14:20 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-06-17 14:20 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-17 14:20 . 1998-07-12 20:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-06-17 14:20 . 2000-10-01 16:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-06-17 14:20 . 1999-03-25 16:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-17 14:20 . 1998-07-12 20:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-06-17 14:20 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-17 14:20 . 1998-07-12 16:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-06-17 14:20 . 2009-06-17 18:52 -------- d-----w- c:\program files\Free Easy Burner
2009-06-17 10:15 . 2009-06-17 10:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\program files\Warcraft III
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\windows\Eurobattle.net
2009-06-13 17:13 . 2009-06-13 17:13 -------- d-----w- c:\program files\Puff_Bomb
2009-06-13 16:50 . 2009-06-13 16:50 -------- d-----w- c:\program files\Digital Tome
2009-06-13 16:36 . 1998-01-01 01:01 284160 ----a-w- c:\windows\uninst.exe
2009-06-13 16:36 . 2009-06-13 16:36 -------- d-----w- c:\documents and settings\Jasko\WINDOWS
2009-06-10 21:34 . 2009-06-10 21:34 -------- d-----w- c:\program files\mIRC
2009-05-28 20:53 . 2009-05-28 23:39 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\TeamViewer
2009-05-28 20:53 . 2009-05-28 20:53 -------- d-----w- c:\program files\TeamViewer
2009-05-28 20:52 . 2009-05-28 20:52 -------- d-----w- c:\documents and settings\Jasko\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 14:40 . 2009-01-14 00:56 23103520 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-27 14:37 . 2009-01-14 00:56 272744 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-27 13:40 . 2009-02-03 06:49 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\DNA
2009-06-27 12:45 . 2008-06-18 01:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 12:45 . 2009-02-13 04:10 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-27 12:43 . 2009-01-13 20:38 -------- d-----w- c:\program files\WLAN
2009-06-27 12:43 . 2009-04-17 08:28 -------- d-----w- c:\program files\Dernek.ba
2009-06-27 11:15 . 2009-02-03 06:49 -------- d-----w- c:\program files\DNA
2009-06-18 20:47 . 2009-02-07 09:05 -------- d-----w- c:\program files\Garena
2009-06-14 17:47 . 2009-02-07 08:50 98179 ----a-w- c:\windows\War3Unin.dat
2009-06-10 21:44 . 2009-01-13 08:51 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\mIRC
2009-06-09 10:13 . 2009-03-24 07:32 4595005 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-29 11:20 . 2009-01-13 05:54 45280 ----a-w- c:\documents and settings\Jasko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 19:06 . 2009-01-13 06:15 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-25 23:09 . 2009-05-25 22:51 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Likno
2009-05-25 08:48 . 2009-05-25 08:48 -------- d-----w- c:\program files\vSoft
2009-05-25 08:31 . 2009-05-25 07:47 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\BitTorrent
2009-05-25 07:47 . 2009-05-25 07:46 -------- d-----w- c:\program files\BitTorrent
2009-05-25 07:27 . 2009-05-25 07:27 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-05-03 17:01 . 2009-05-03 17:01 -------- d-----w- c:\program files\Skylive-NG
2009-04-28 18:26 . 2009-04-28 18:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-04-28 16:38 . 2009-04-28 16:36 -------- d-----w- c:\program files\AVS4YOU
2009-04-28 16:38 . 2009-04-28 16:37 -------- d-----w- c:\program files\Common Files\AVSMedia
.

((((((((((((((((((((((((((((( SnapShot@2009-06-27_13.32.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 13:32 . 2004-08-04 12:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 111104 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 656384 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 577024 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 108032 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 983552 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 2180992 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 2056832 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 1032192 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ACU"="c:\program files\WLAN\ACU.exe" [2006-01-06 303104]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"w3dr.exe"="d:\program files\Warcraft III\w3dr.exe" [2008-08-03 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2006-2-11 1359872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8240:TCP"= 8240:TCP:akwedamp

S2 uuzwdj;Image Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UUZWDJ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uuzwdj
.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 14:09]

2009-01-15 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-01-15 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=2b836f71-4788-40d5-b670-88b46f6ab1d1&s=&ipc=
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Jasko\APPLIC~1\Mozilla\Firefox\Profiles\2y28v3nh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-27 16:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uuzwdj]
"ServiceDll"="c:\windows\system32\huhorw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-06-27 16:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 14:44
ComboFix2.txt 2009-06-27 13:33

Pre-Run: 12,691,902,464 bytes free
Post-Run: 16,147,329,024 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Open Notepad and copy the following text into it:

KILLALL::
File::
c:\windows\system32\huhorw.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uuzwdj]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8240:TCP"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SearchSettings"=-

Folder::
c:\program files\Search Settings
c:\docume~1\Jasko\APPLIC~1\Search Settings

DirLook:
c:\documents and settings\All Users.WINDOWS\Application Data\POP3Profiles

NetSvc::
uuzwdj

Driver::
uuzwdj




Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.
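The items the script above acts on can be pulled out of a ComboFix log mechanically: the service that svchost.exe loads through the netsvcs group and the ServiceDll it points at, the port opened in the Windows Firewall exception list, and the suppressed Security Center alerts. ComboFix itself notes that "legit default entries are not shown", so anything it prints in those sections deserves a look. The Python below is an added example for this thread, not code from the poster or from ComboFix; the log text inside it is constructed from the lines posted above, the `triage` name, the severities and the "third-party firewall registered" rule are this example's own choices, and the ZoneAlarm caveat is an assumption about how a registered third-party firewall normally behaves.

```python
"""Triage of the service and 'Reg Loading Points' sections of a ComboFix log (added
example, not code from the thread or from ComboFix). ComboFix omits stock entries, so
whatever it prints under the netsvcs group or GloballyOpenPorts deserves a look."""
import re

# Constructed from lines quoted in the thread; the ComboFix logs above have the same shape.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8240:TCP"= 8240:TCP:akwedamp
S2 uuzwdj;Image Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 2:00 PM 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uuzwdj
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uuzwdj]
"ServiceDll"="c:\windows\system32\huhorw.dll"
"""

KEY_RE = re.compile(r'^\[([^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')
SERVICE_RE = re.compile(r'^[SR]\d\s+([^;]+);[^;]*;(.*?)\s*\[[^\]]*\]\s*$')  # S2 name;display;image [date size]

def parse_reg_blocks(text):
    """{key path: {value name: raw value}} for every [key] block in the text."""
    blocks, current = {}, None
    for line in text.splitlines():
        if m := KEY_RE.match(line):
            current = blocks.setdefault(m.group(1), {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            current[m.group(1)] = m.group(2).strip('"')
    return blocks

def find_key(reg, suffix):
    """Case-insensitive lookup by path suffix (ComboFix abbreviates HKLM\\~\\...)."""
    return next((k for k in reg if k.lower().endswith(suffix.lower())), None)

def dword(raw, default=0):
    """'dword:00000001' -> 1; ComboFix's own '0 (0x0)' rendering -> 0."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"-?\d+", raw)
    return int(m.group()) if m else default

def parse_netsvcs(text):
    """Names ComboFix lists under '...\\Svchost - NetSvcs', up to the '.' terminator."""
    names, collecting = [], False
    for line in map(str.strip, text.splitlines()):
        if line.lower().endswith("\\svchost - netsvcs"):
            collecting = True
        elif collecting and line in ("", "."):
            break
        elif collecting:
            names.append(line)
    return names

def parse_services(text):
    """{service name: image path} from the 'S2 name;display;image [..]' lines."""
    return {m.group(1): m.group(2) for m in map(SERVICE_RE.match, text.splitlines()) if m}

def triage(text):
    """Return (severity, title, detail) tuples, most actionable first."""
    reg, images, findings = parse_reg_blocks(text), parse_services(text), []
    for name in parse_netsvcs(text):
        key = find_key(reg, f"\\services\\{name}")
        dll = reg[key].get("ServiceDll", "?") if key else "?"
        findings.append(("high", "non-default netsvcs service",
                         f"{name}: ServiceDll={dll}; image={images.get(name, '?')}"))
    for raw in reg.get(find_key(reg, "\\GloballyOpenPorts\\List") or "", {}).values():
        port, proto, label = (raw.split(":", 2) + ["?", "?"])[:3]
        findings.append(("high", "port opened in the firewall", f"{port}/{proto} labelled '{label}'"))
    # Assumption: a third-party firewall (ZoneAlarm here) registers under Security
    # Center\Monitoring\<vendor> and takes over from Windows Firewall, so a disabled
    # Windows Firewall is graded down when such a registration is present.
    third_party = any("\\security center\\monitoring\\" in k.lower() and dword(v.get("DisableMonitoring", "0")) == 1
                      for k, v in reg.items())
    profile = reg.get(find_key(reg, "\\firewallpolicy\\standardprofile") or "", {})
    if dword(profile.get("EnableFirewall", "1")) == 0:
        findings.append(("info" if third_party else "medium", "Windows Firewall disabled",
                         "third-party firewall registered" if third_party else "no replacement firewall"))
    centre = reg.get(find_key(reg, "\\security center") or "", {})
    for flag in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if dword(centre.get(flag, "0")) == 1:
            findings.append(("medium", "Security Center alert suppressed", flag))
    return findings

if __name__ == "__main__":
    for sev, title, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {title}: {detail}")
```

Run as-is it prints five findings. The disabled Windows Firewall comes out as "info" only because the same log registers ZoneAlarm under Security Center\Monitoring and reports it as enabled; the actionable items are the service loaded into svchost via the netsvcs group, the port opened for it, and the silenced alerts, which is exactly what the File::, Registry::, NetSvc:: and Driver:: stanzas of the script above remove. To use it on a real log, feed the whole ComboFix text to `triage` instead of SAMPLE_LOG.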

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

ComboFix 09-06-26.02 - Jasko 06/27/2009 17:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.240 [GMT 2:00]
Running from: c:\documents and settings\Jasko\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jasko\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\huhorw.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Jasko\APPLIC~1\Search Settings
c:\docume~1\Jasko\APPLIC~1\Search Settings\kb128\temp\ws-14419.log
c:\docume~1\Jasko\APPLIC~1\Search Settings\kb128\temp\ws-14420.log
c:\docume~1\Jasko\APPLIC~1\Search Settings\kb128\temp\ws-14421.log
c:\docume~1\Jasko\APPLIC~1\Search Settings\kb128\temp\ws-14422.log
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_UUZWDJ
-------\Service_uuzwdj


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-27 13:32 . 2009-06-27 13:32 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-22 21:19 . 2009-06-22 21:19 -------- d-----w- c:\documents and settings\Jasko\Local Settings\Application Data\Yahoo
2009-06-22 21:17 . 2009-06-22 21:17 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Yahoo!
2009-06-22 21:13 . 2009-06-27 12:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-06-22 21:13 . 2009-06-27 12:39 -------- d-----w- c:\program files\Yahoo!
2009-06-22 18:50 . 2009-06-22 18:51 -------- d-----w- c:\program files\aMSN
2009-06-17 14:45 . 2009-06-17 14:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\POP3Profiles
2009-06-17 14:20 . 2005-03-11 16:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-06-17 14:20 . 2005-02-24 11:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-06-17 14:20 . 2005-02-24 10:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-06-17 14:20 . 2003-01-26 10:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-06-17 14:20 . 1998-07-12 20:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-06-17 14:20 . 2000-10-01 16:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-06-17 14:20 . 1999-03-25 16:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-17 14:20 . 1998-07-12 20:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-06-17 14:20 . 2003-04-18 13:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2009-06-17 14:20 . 1998-07-12 16:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-06-17 14:20 . 2009-06-17 18:52 -------- d-----w- c:\program files\Free Easy Burner
2009-06-17 10:15 . 2009-06-17 10:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\program files\Warcraft III
2009-06-14 17:47 . 2009-06-14 17:47 -------- d-----w- c:\windows\Eurobattle.net
2009-06-13 17:13 . 2009-06-13 17:13 -------- d-----w- c:\program files\Puff_Bomb
2009-06-13 16:50 . 2009-06-13 16:50 -------- d-----w- c:\program files\Digital Tome
2009-06-13 16:36 . 1998-01-01 01:01 284160 ----a-w- c:\windows\uninst.exe
2009-06-13 16:36 . 2009-06-13 16:36 -------- d-----w- c:\documents and settings\Jasko\WINDOWS
2009-06-10 21:34 . 2009-06-10 21:34 -------- d-----w- c:\program files\mIRC
2009-05-28 20:53 . 2009-05-28 23:39 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\TeamViewer
2009-05-28 20:53 . 2009-05-28 20:53 -------- d-----w- c:\program files\TeamViewer
2009-05-28 20:52 . 2009-05-28 20:52 -------- d-----w- c:\documents and settings\Jasko\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-27 15:50 . 2009-01-14 00:56 23218208 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-27 15:47 . 2009-01-14 00:56 274088 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-27 13:40 . 2009-02-03 06:49 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\DNA
2009-06-27 12:45 . 2008-06-18 01:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 12:45 . 2009-02-13 04:10 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-27 12:43 . 2009-01-13 20:38 -------- d-----w- c:\program files\WLAN
2009-06-27 12:43 . 2009-04-17 08:28 -------- d-----w- c:\program files\Dernek.ba
2009-06-27 11:15 . 2009-02-03 06:49 -------- d-----w- c:\program files\DNA
2009-06-18 20:47 . 2009-02-07 09:05 -------- d-----w- c:\program files\Garena
2009-06-14 17:47 . 2009-02-07 08:50 98179 ----a-w- c:\windows\War3Unin.dat
2009-06-10 21:44 . 2009-01-13 08:51 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\mIRC
2009-06-09 10:13 . 2009-03-24 07:32 4595005 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-05-29 11:20 . 2009-01-13 05:54 45280 ----a-w- c:\documents and settings\Jasko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-27 19:06 . 2009-01-13 06:15 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-25 23:09 . 2009-05-25 22:51 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\Likno
2009-05-25 08:48 . 2009-05-25 08:48 -------- d-----w- c:\program files\vSoft
2009-05-25 08:31 . 2009-05-25 07:47 -------- d-----w- c:\docume~1\Jasko\APPLIC~1\BitTorrent
2009-05-25 07:47 . 2009-05-25 07:46 -------- d-----w- c:\program files\BitTorrent
2009-05-25 07:27 . 2009-05-25 07:27 155648 ----a-w- c:\windows\system32\libssl32.dll
2009-05-03 17:01 . 2009-05-03 17:01 -------- d-----w- c:\program files\Skylive-NG
2009-04-28 18:26 . 2009-04-28 18:26 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-04-28 16:38 . 2009-04-28 16:36 -------- d-----w- c:\program files\AVS4YOU
2009-04-28 16:38 . 2009-04-28 16:37 -------- d-----w- c:\program files\Common Files\AVSMedia
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users.WINDOWS\Application Data\POP3Profiles ----

2009-06-17 14:45 . 2005-11-14 12:58 760 ----a-r- c:\documents and settings\All Users.WINDOWS\Application Data\POP3Profiles\SafeProfile.DAT


((((((((((((((((((((((((((((( SnapShot@2009-06-27_13.32.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-27 13:32 . 2004-08-04 12:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 111104 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 656384 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 577024 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 359040 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 108032 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 13:32 . 2004-08-04 12:00 983552 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 13:32 . 2004-08-04 12:00 2180992 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 2056832 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 13:32 . 2004-08-04 12:00 1032192 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-04-02 1424648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ACU"="c:\program files\WLAN\ACU.exe" [2006-01-06 303104]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"w3dr.exe"="d:\program files\Warcraft III\w3dr.exe" [2008-08-03 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2006-2-11 1359872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-06-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 14:09]

2009-01-15 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2009-01-15 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.freeze.com/?AcquisitionID=2b836f71-4788-40d5-b670-88b46f6ab1d1&s=&ipc=
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\docume~1\Jasko\APPLIC~1\Mozilla\Firefox\Profiles\2y28v3nh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-27 17:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2008-)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-06-27 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 15:53
ComboFix2.txt 2009-06-27 14:44
ComboFix3.txt 2009-06-27 13:33

Pre-Run: 16,091,602,944 bytes free
Post-Run: 16,078,348,288 bytes free

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Are there any problems now?

  • Joined: 13 May 2007
  • Posts: 163
  • Location: Gracanica

None for now. Thanks =)

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Do this as well:

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

Type (or paste) the following into the text box:

combofix /u

Note that there is a space between "ComboFix" and "/u".

then click OK (or press Enter).

Wait for the uninstall process to finish.
