Dosadni Win32/Rootkit.Agent.ODG trojan

Dosadni Win32/Rootkit.Agent.ODG trojan

offline
  • Pridružio: 03 Jun 2009
  • Poruke: 1

Napisano: 03 Jun 2009 12:32

Imam problem sa ovom napasti. Usla u operating memory i nema nameru da ode. Smile
Skenirano sa Eset SS 4
Hvala unapred.


hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:14, on 3.6.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\xampp\filezillaftp\filezillaserver.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\tccargo\tccargo.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\xampp\apache\bin\apache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan Dulic\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TRUCK & CARGO Online] c:\tccargo\tccargo.exe --autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: ?????? Google Update (gupdate1c9dd26a6c3f288-) (gupdate1c9dd26a6c3f288-) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6785 bytes

Dopuna: 03 Jun 2009 13:16

Izgleda je resen problem. Pokrenuo sam Combofix i on je pobrisao neke sumnjive fajlove. Simptomi su posle toga nestali.
U svakom slucaju, evo loga combofixa:

ComboFix 09-06-01.03 - Ivan Dulic 03.06.2009 13:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1633 [GMT 2:00]
Running from: c:\documents and settings\Ivan Dulic\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kungsftltxjbqp.sys
c:\windows\system32\kungsfewpkhanb.dat
c:\windows\system32\kungsfgvkduiqx.dll
c:\windows\system32\kungsfrbaivllu.dll
c:\windows\system32\kungsfwruwxwnp.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsfhtkkylkf


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-02 07:15 . 2009-06-02 07:15 -------- d-----w- C:\TCCARGO
2009-06-01 12:18 . 2009-06-01 12:18 -------- d-sh--w- c:\documents and settings\Ivan Dulic\IECompatCache
2009-06-01 09:53 . 2009-06-01 09:53 -------- d-sh--w- c:\documents and settings\Ivan Dulic\PrivacIE
2009-06-01 09:52 . 2009-06-01 09:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-01 09:52 . 2009-06-01 09:52 -------- d-sh--w- c:\documents and settings\Ivan Dulic\IETldCache
2009-06-01 09:49 . 2009-06-01 09:49 -------- d-----w- c:\windows\ie8updates
2009-06-01 09:49 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-01 09:49 . 2009-06-01 09:49 -------- dc-h--w- c:\windows\ie8
2009-06-01 09:47 . 2009-06-01 09:47 -------- d-----w- c:\program files\MSXML 4.0
2009-06-01 09:36 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-01 09:33 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-01 09:33 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-06-01 09:33 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-01 09:33 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-01 08:40 . 2009-06-01 08:40 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-01 08:40 . 2009-06-01 08:40 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-01 08:40 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-01 08:40 . 2009-06-01 08:40 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\TuneUp Software
2009-06-01 08:40 . 2009-06-01 08:40 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-01 08:40 . 2009-06-01 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-01 08:39 . 2009-06-01 08:39 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-01 08:32 . 2009-06-01 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-31 11:01 . 2009-05-31 11:46 188416 ----a-w- c:\windows\system32\inst_n82.exe
2009-05-31 10:11 . 2009-05-31 10:44 -------- d-----w- c:\program files\Digital Photo Recovery
2009-05-31 10:08 . 2009-05-31 10:08 7168 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\Thinstall\Easy Photo Recovery 2.5\40000093400002i\PhotoRec.exe
2009-05-31 10:08 . 2009-05-31 10:46 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Thinstall
2009-05-31 10:08 . 2009-05-31 10:08 7168 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\Thinstall\Easy Photo Recovery 2.5\4000002800002i\UNWISE.EXE
2009-05-27 20:31 . 2009-05-27 20:31 2998 ----a-r- c:\documents and settings\Ivan Dulic\Application Data\Microsoft\Installer\{009AC76E-1A66-4682-82B7-417E77F3C648}\ARPPRODUCTICON.exe
2009-05-27 20:31 . 2009-05-27 20:31 -------- d-----w- c:\program files\Common Files\DigiDesign
2009-05-27 20:31 . 2009-05-27 20:31 -------- d-----w- c:\program files\Toontrack
2009-05-27 20:23 . 2009-05-27 20:23 -------- d-----w- C:\Superior2_PC_201
2009-05-27 19:24 . 2009-05-27 19:24 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Steinberg
2009-05-27 19:21 . 2005-06-04 07:11 85504 ----a-w- c:\windows\system32\encdnet.dll
2009-05-27 19:21 . 2005-06-04 07:09 61952 ----a-w- c:\windows\system32\decdnet.dll
2009-05-27 19:21 . 2005-06-04 07:09 130560 ----a-w- c:\windows\system32\pnc3250.dll
2009-05-27 19:21 . 2005-06-04 07:09 131072 ----a-w- c:\windows\system32\pneng50.dll
2009-05-27 19:21 . 2005-06-04 07:09 352768 ----a-w- c:\windows\system32\pngu3263.dll
2009-05-27 19:21 . 2005-06-04 07:09 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2009-05-27 19:21 . 2005-06-04 07:09 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2009-05-27 19:21 . 2005-06-04 07:09 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2009-05-27 19:21 . 2005-06-04 07:08 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2009-05-27 19:21 . 2005-06-04 07:08 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2009-05-27 19:20 . 2009-05-27 19:21 -------- d-----w- c:\program files\Steinberg
2009-05-27 19:18 . 2005-05-09 18:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-05-27 19:18 . 2002-11-25 03:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-05-27 19:18 . 2002-11-25 06:36 45056 ----a-w- c:\windows\system32\Synsopos.exe
2009-05-27 19:18 . 2009-05-27 19:18 -------- d-----w- c:\program files\Syncrosoft
2009-05-27 19:18 . 2005-10-17 07:35 704512 ----a-w- c:\windows\system32\SYNSOACC.dll
2009-05-27 19:18 . 2004-05-10 13:58 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2009-05-26 09:18 . 2009-05-26 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-05-26 07:11 . 2009-05-26 07:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-25 10:50 . 2009-05-25 10:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-25 10:50 . 2009-05-25 10:56 -------- d-----w- c:\documents and settings\Ivan Dulic\Local Settings\Application Data\Google
2009-05-25 10:49 . 2009-05-25 10:50 -------- d-----w- c:\program files\Google
2009-05-25 10:49 . 2009-05-25 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-05-25 10:35 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-05-22 09:46 . 2009-05-22 09:46 -------- d-----w- c:\program files\coverXP
2009-05-20 13:34 . 1998-05-11 20:01 12496 ----a-w- c:\windows\system\vbas.dll
2009-05-20 13:34 . 1996-08-24 11:11 398416 ----a-w- c:\windows\system32\Vbrun300.dll
2009-05-20 13:34 . 2009-05-20 13:34 -------- d-----w- c:\program files\aSkola
2009-05-20 13:34 . 2009-05-20 13:34 -------- d-----w- C:\askola
2009-05-20 13:33 . 1999-03-23 07:12 299520 ----a-w- c:\windows\uninst.exe
2009-05-20 13:33 . 2009-05-20 13:33 -------- d-----w- c:\documents and settings\Ivan Dulic\WINDOWS
2009-05-20 10:08 . 2009-05-20 10:08 -------- d-----w- c:\documents and settings\Ivan Dulic\Library
2009-05-20 10:08 . 2009-05-20 10:08 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\com.adobe.ExMan
2009-05-20 08:44 . 2009-05-20 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Watermark Factory
2009-05-20 08:31 . 2009-05-20 08:32 -------- d-----w- c:\program files\Watermark Factory 2
2009-05-18 09:59 . 2009-05-28 10:54 -------- d-----w- C:\tmp
2009-05-18 09:56 . 2009-05-18 09:57 -------- d-----w- c:\program files\xat.com Image Optimizer
2009-05-18 09:09 . 2009-05-18 09:09 2275712 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\Lunascape\Lunascape5\ApplicationData\Temp\patch.exe
2009-05-13 08:49 . 2008-04-14 03:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-05-13 08:45 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-13 08:45 . 2009-05-13 08:45 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-13 08:43 . 2009-05-13 08:50 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-05-13 08:43 . 2009-05-13 08:43 -------- d-----w- c:\windows\system32\LogFiles
2009-05-11 21:13 . 2009-05-24 14:55 -------- d-----w- c:\program files\Pawn 2
2009-05-10 21:14 . 2009-05-10 21:14 -------- d-----w- c:\program files\Hasbro
2009-05-09 22:47 . 2009-06-01 08:53 -------- d-----w- c:\documents and settings\Ivan Dulic\Tracing
2009-05-09 22:46 . 2009-05-09 22:46 -------- d-----w- c:\program files\Microsoft
2009-05-09 22:46 . 2009-05-09 22:46 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-09 22:45 . 2009-05-09 22:46 -------- d-----w- c:\program files\Windows Live
2009-05-09 22:42 . 2009-05-09 22:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-08 09:01 . 2001-08-17 11:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-05-08 09:01 . 2001-08-17 11:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-05-08 09:01 . 2002-12-04 09:55 635716 ----a-r- c:\windows\system32\drivers\Intels51.sys
2009-05-06 11:05 . 2001-08-17 20:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-05-06 11:05 . 2008-04-14 03:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-05-05 09:14 . 2009-05-05 09:14 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\MozillaControl
2009-05-05 09:13 . 2009-05-05 09:13 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Lunascape
2009-05-05 09:11 . 2009-05-05 09:11 -------- d-----w- c:\program files\Lunascape

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 09:37 . 2009-04-17 12:59 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-02 17:46 . 2009-04-18 10:36 1 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-01 08:34 . 2009-04-29 07:32 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-01 07:10 . 2009-04-19 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-31 10:35 . 2009-04-19 20:04 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\uTorrent
2009-05-27 20:31 . 2009-05-02 10:14 -------- d-----w- c:\program files\VstPlugins
2009-05-27 19:23 . 2009-04-17 12:32 734288 ----a-w- c:\documents and settings\Ivan Dulic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-25 10:37 . 2009-04-19 10:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-24 14:55 . 2009-04-17 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 14:42 . 2009-04-17 12:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-19 09:30 . 2009-05-19 09:30 1496 ----a-w- c:\windows\Fonts\tbscr___.PFM
2009-05-19 09:29 . 2009-05-19 09:29 1655 ----a-w- c:\windows\Fonts\lr______.PFM
2009-05-19 09:28 . 2009-05-19 09:28 1750 ----a-w- c:\windows\Fonts\dne_____.PFM
2009-05-19 09:27 . 2009-05-19 09:27 682 ----a-w- c:\windows\Fonts\aqua____.PFM
2009-05-19 09:27 . 2009-05-19 09:27 680 ----a-w- c:\windows\Fonts\ariab___.PFM
2009-05-19 09:27 . 2009-05-19 09:27 1031 ----a-w- c:\windows\Fonts\ANATOL__.PFM
2009-05-19 09:27 . 2009-05-19 09:27 703 ----a-w- c:\windows\Fonts\ami_____.PFM
2009-05-19 09:27 . 2009-05-19 09:27 707 ----a-w- c:\windows\Fonts\ambi____.PFM
2009-05-19 09:27 . 2009-05-19 09:27 701 ----a-w- c:\windows\Fonts\amb_____.PFM
2009-05-19 09:27 . 2009-05-19 09:27 696 ----a-w- c:\windows\Fonts\am______.PFM
2009-05-19 09:27 . 2009-05-19 09:27 1952 ----a-w- c:\windows\Fonts\abeli___.PFM
2009-05-19 09:26 . 2009-05-19 09:26 913 ----a-w- c:\windows\Fonts\_psb____.PFM
2009-05-19 09:26 . 2009-05-19 09:26 1603 ----a-w- c:\windows\Fonts\_ei_____.PFM
2009-05-19 09:26 . 2009-05-19 09:26 1560 ----a-w- c:\windows\Fonts\_er_____.PFM
2009-05-19 09:26 . 2009-05-19 09:26 1579 ----a-w- c:\windows\Fonts\_ebi____.PFM
2009-05-19 09:26 . 2009-05-19 09:26 1653 ----a-w- c:\windows\Fonts\_eb_____.PFM
2009-05-04 08:09 . 2009-05-04 08:08 -------- d-----w- c:\program files\FOX Video Converter
2009-05-04 08:00 . 2009-05-04 08:00 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Vso
2009-05-04 08:00 . 2009-05-04 08:00 81920 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\ezpinst.exe
2009-05-04 08:00 . 2009-05-04 08:00 81920 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\ezpinst.exe
2009-05-04 08:00 . 2009-05-04 08:00 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-04 08:00 . 2009-05-04 08:00 47360 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\pcouffin.sys
2009-05-04 08:00 . 2009-05-04 08:00 47360 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\pcouffin.sys
2009-05-02 10:17 . 2009-05-02 10:14 -------- d-----w- c:\program files\Image-Line
2009-04-29 10:12 . 2009-04-21 10:31 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Likno
2009-04-29 07:39 . 2009-04-29 07:39 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Ahead
2009-04-29 07:32 . 2009-04-29 07:32 -------- d-----w- c:\program files\Nero
2009-04-28 22:13 . 2009-04-28 22:13 -------- d-----w- c:\program files\Guitar Pro 5
2009-04-24 11:18 . 2009-04-24 11:17 -------- d-----w- c:\program files\SWiSH Max2
2009-04-24 11:17 . 2009-04-24 11:17 -------- d-----w- c:\program files\Common Files\SWiSHzone.com
2009-04-24 11:17 . 2009-04-24 11:17 33207746 ----a-w- c:\windows\system32\xa6934671.exe
2009-04-24 11:17 . 2009-04-24 11:17 33207746 ----a-w- c:\windows\system32\xa6932578.exe
2009-04-23 09:59 . 2009-04-21 10:29 -------- d-----w- c:\program files\AllWebMenus5
2009-04-23 09:59 . 2009-04-21 10:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-04-21 09:35 . 2009-04-21 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-04-21 09:27 . 2009-04-21 09:20 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\DAEMON Tools Lite
2009-04-21 09:26 . 2009-04-21 09:26 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\DAEMON Tools Pro
2009-04-21 09:26 . 2009-04-21 09:26 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\DAEMON Tools
2009-04-21 09:25 . 2009-04-21 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-21 09:25 . 2009-04-21 09:25 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-04-21 09:20 . 2009-04-21 09:20 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-21 08:02 . 2009-04-21 07:59 -------- d-----w- c:\program files\Yahoo!
2009-04-20 14:41 . 2009-04-20 14:42 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-20 14:41 . 2009-04-18 10:35 -------- d-----w- c:\program files\Java
2009-04-20 14:41 . 2009-04-20 14:41 152576 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-20 09:26 . 2009-04-20 09:26 -------- d-----w- c:\program files\7-Zip
2009-04-19 21:38 . 2009-04-19 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-04-19 21:38 . 2009-04-19 21:38 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\GRETECH
2009-04-19 20:04 . 2009-04-19 20:04 -------- d-----w- c:\program files\uTorrent
2009-04-19 18:38 . 2009-04-19 18:38 -------- d-----w- c:\program files\Bonjour
2009-04-19 18:34 . 2009-04-19 18:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-04-19 12:50 . 2009-04-19 12:50 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Media Player Classic
2009-04-19 12:49 . 2009-04-19 12:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-19 12:48 . 2009-04-19 12:48 -------- d-----w- c:\program files\GRETECH
2009-04-19 10:38 . 2009-04-19 10:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-19 10:34 . 2009-04-19 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-04-19 10:28 . 2009-04-19 10:28 -------- d-----w- c:\program files\NOS
2009-04-18 10:36 . 2009-04-18 10:36 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\OpenOffice.org
2009-04-18 10:35 . 2009-04-18 10:35 -------- d-----w- c:\program files\JRE
2009-04-18 10:35 . 2009-04-18 10:35 -------- d-----w- c:\program files\OpenOffice.org 3
2009-04-18 10:35 . 2009-04-18 10:35 -------- d-----w- c:\program files\Common Files\Java
2009-04-17 14:37 . 2009-04-17 14:35 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Winamp
2009-04-17 14:36 . 2009-04-17 14:35 -------- d-----w- c:\program files\Winamp
2009-04-17 13:33 . 2009-04-17 13:33 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\ACD Systems
2009-04-17 13:12 . 2009-04-17 13:02 144585 ----a-w- c:\windows\hpwins16.dat
2009-04-17 13:11 . 2009-04-17 13:11 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\HP
2009-04-17 13:10 . 2009-04-17 13:10 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\HPAppData
2009-04-17 13:10 . 2009-04-17 13:07 -------- d-----w- c:\program files\HP
2009-04-17 13:10 . 2009-04-17 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-04-17 13:10 . 2009-04-17 13:10 -------- d-----w- c:\program files\Common Files\HP
2009-04-17 13:10 . 2009-04-17 13:10 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-04-17 13:10 . 2009-04-17 13:10 -------- d-----w- c:\program files\Hewlett-Packard
2009-04-17 13:09 . 2009-04-17 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-04-17 13:05 . 2009-04-17 13:05 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-04-17 13:05 . 2009-04-17 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-17 13:05 . 2009-04-17 13:05 -------- d-----w- c:\program files\ACD Systems
2009-04-17 13:00 . 2009-04-17 13:00 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\Thunderbird
2009-04-17 12:58 . 2009-04-17 12:58 0 ----a-w- c:\windows\nsreg.dat
2009-04-17 12:48 . 2009-04-17 12:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-17 12:48 . 2009-04-17 12:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-04-17 12:48 . 2009-04-17 12:48 -------- d-----w- c:\program files\SystemRequirementsLab
2009-04-17 12:47 . 2009-04-17 12:47 1915520 ----a-w- c:\documents and settings\Ivan Dulic\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-17 12:45 . 2009-04-17 12:45 -------- d-----w- c:\documents and settings\Ivan Dulic\Application Data\ESET
2009-04-17 12:44 . 2009-04-17 12:44 -------- d-----w- c:\program files\ESET
2009-04-17 12:44 . 2009-04-17 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-04-17 12:40 . 2009-04-17 12:40 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-04-17 12:39 . 2009-04-17 12:38 -------- d-----w- c:\program files\Realtek AC97
2009-04-17 12:30 . 2009-04-17 12:15 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-17 12:15 . 2009-04-17 12:15 -------- d-----w- c:\program files\microsoft frontpage
2009-04-17 12:13 . 2009-04-17 12:13 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"TRUCK & CARGO Online"="c:\tccargo\tccargo.exe" [2009-06-02 1122816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 385024]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Ivan Dulic\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Documents and Settings\\Ivan Dulic\\Desktop\\pes2009.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [18.1.2008 1:37 24635]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [1.6.2009 10:40 603904]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [27.5.2009 21:18 33792]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19.4.2009 12:28 33176]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - gupdate1c9dd26a6c3f288

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-25 10:49]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 10:50]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Ivan Dulic\Application Data\Mozilla\Firefox\Profiles\5ghoxkyu.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-03 13:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-03 13:08
ComboFix-quarantined-files.txt 2009-06-03 11:08

Pre-Run: 12.462.342.144 bytes free
Post-Run: 12.989.493.248 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

318 --- E O F --- 2009-06-01 09:31

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Ovo izgleda ok. Čini se da nema aktivnog malware-a.

Ko je trenutno na forumu
 

Ukupno su 625 korisnika na forumu :: 8 registrovanih, 0 sakrivenih i 617 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: HrcAk47, ivica976, Mixelotti, nikoladim, suton, Toni, vlvl, Vule