A bunch of viruses, msile.exe and similar...

  • Joined: 16 Apr 2009
  • Posts: 7

ComboFix 09-04-27.05 - xxx 28.04.2009 19:50.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.69 [GMT 2:00]
Running from: d:\program files\Programi\ComboFix.exe
Command switches used :: d:\program files\Programi\CFScript.txt
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\xxx\LOCALS~1\Temp\WgaLogon.dll
c:\documents and settings\xxx\Local Settings\temp\WgaLogon.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SETUP_7.0.0.180_30.04.2008_14-26
-------\Service_setup_7.0.0.180_30.04.2008_14-26


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 12:32 . 2009-04-28 14:50 -------- d-----w c:\windows\BDOSCAN8
2009-04-22 07:06 . 2009-04-22 07:06 -------- d-----w c:\program files\Common Files\SWF Studio
2009-04-22 06:59 . 2009-04-22 06:59 -------- d-----w c:\program files\The Weather Channel FW
2009-04-22 06:59 . 2009-04-22 06:59 -------- d-----w c:\documents and settings\xxx\Local Settings\Application Data\The Weather Channel
2009-04-21 14:08 . 2009-04-28 17:31 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-21 13:07 . 2009-04-21 13:07 -------- d-----w c:\program files\Java
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\documents and settings\xxx\Application Data\Malwarebytes
2009-04-20 16:39 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-20 16:39 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 17:06 . 2009-04-10 17:06 -------- d-----w c:\program files\MSSOAP
2009-04-09 09:14 . 2008-04-14 03:42 9728 ------w c:\windows\system32\rwnh.dll
2009-04-09 09:14 . 2008-04-14 03:42 10752 ------w c:\windows\system32\smtpapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 17:41 . 2009-03-07 17:55 -------- d-----w c:\program files\Flock
2009-04-28 17:05 . 2006-11-16 16:29 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-21 13:07 . 2008-10-13 18:36 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-20 23:36 . 2006-11-16 17:00 -------- d-----w c:\program files\Winamp
2009-04-11 13:09 . 2009-03-04 19:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 12:11 . 2007-11-29 19:01 -------- d-----w c:\program files\Windows Vista Icons
2009-03-08 23:04 . 2007-06-20 20:59 -------- d-----w c:\program files\MSN Messenger
2009-03-07 18:45 . 2009-03-07 18:45 -------- d-----w c:\program files\GRETECH
2009-03-05 12:28 . 2009-03-05 12:28 102411 ----a-w c:\windows\system32\msvcrt2.dll
2009-03-04 10:46 . 2009-03-04 10:46 -------- d-----w c:\program files\Common Files\iS3
2009-03-04 09:59 . 2009-03-04 09:59 1152 ----a-w c:\windows\system32\windrv.sys
2009-03-02 18:20 . 2006-11-16 16:24 108744 ----a-w c:\documents and settings\xxx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-02 18:12 . 2006-11-16 16:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-08 22:09 . 2009-02-08 22:09 318904 ----a-w c:\program files\wmpfirefoxplugin.exe
2008-06-02 17:22 . 2007-07-24 23:07 654 ----a-w c:\program files\u Torrent.lnk
.

((((((((((((((((((((((((((((( SnapShot_2009-04-28_12.13.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-28 17:53 . 2009-04-28 17:53 16384 c:\windows\Temp\Perflib_Perfdata_55c.dat
+ 2006-10-18 19:47 . 2006-10-18 19:47 38400 c:\windows\system32\wpdshextres.dll
+ 2006-10-18 18:00 . 2006-10-18 18:00 17408 c:\windows\system32\wpdshextautoplay.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 63488 c:\windows\system32\wpdmtpus.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 35840 c:\windows\system32\wpdconns.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 99840 c:\windows\system32\wmpshell.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 37376 c:\windows\system32\wmdmps.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 33792 c:\windows\system32\wmdmlog.dll
- 2009-04-21 14:09 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll
+ 2009-04-28 17:32 . 2006-09-25 15:58 14640 c:\windows\system32\spmsg.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 27136 c:\windows\system32\mspmsnsv.dll
+ 2006-11-16 16:14 . 2001-08-23 10:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2009-04-09 12:53 . 2009-04-28 16:51 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2004-08-03 22:56 . 2006-10-18 19:47 11264 c:\windows\system32\LAPRXY.dll
+ 2006-10-18 18:00 . 2006-10-18 18:00 38528 c:\windows\system32\drivers\wpdusb.sys
+ 2004-08-03 22:56 . 2006-10-18 19:47 99840 c:\windows\system32\dllcache\wmpshell.dll
+ 2006-11-16 16:16 . 2006-10-18 19:46 64000 c:\windows\system32\dllcache\wmplayer.exe
+ 2006-11-16 16:16 . 2006-10-18 19:47 96256 c:\windows\system32\dllcache\wmpband.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 37376 c:\windows\system32\dllcache\wmdmps.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 33792 c:\windows\system32\dllcache\wmdmlog.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 27136 c:\windows\system32\dllcache\mspmsnsv.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 11264 c:\windows\system32\dllcache\LAPRXY.dll
+ 2005-03-01 12:08 . 2005-03-01 12:08 53248 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2006-05-24 23:22 . 2006-05-24 23:22 53248 c:\windows\bdoscandel.exe
+ 2009-04-28 12:34 . 2009-04-28 12:34 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2005-03-01 12:08 . 2005-03-01 12:08 53248 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-04-28 12:34 . 2009-04-28 12:34 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-04-28 12:34 . 2009-04-28 12:34 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-04-28 12:34 . 2009-04-28 12:34 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\wmvdmoe2.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\wmvdmod.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 4096 c:\windows\system32\WMVADVE.DLL
+ 2006-10-18 19:47 . 2006-10-18 19:47 4096 c:\windows\system32\WMVADVD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\wmsdmoe2.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\wmsdmod.dll
+ 2006-10-18 19:58 . 2006-10-18 19:58 8704 c:\windows\system32\wdfmgr.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 4096 c:\windows\system32\wdfapi.dll
+ 2006-10-18 19:58 . 2006-10-18 19:58 8704 c:\windows\system32\uwdf.exe
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\MPG4DMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\MP4SDMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\MP43DMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmvdmod.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\wmsdmod.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\MPG4DMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\MP4SDMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 4096 c:\windows\system32\dllcache\MP43DMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 7168 c:\windows\system32\dllcache\asferror.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 7168 c:\windows\system32\asferror.dll
+ 2009-03-02 18:07 . 2008-01-18 19:43 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2009-03-02 18:09 . 2008-01-18 19:43 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
+ 2006-10-18 19:47 . 2006-10-18 19:47 356352 c:\windows\system32\wpdsp.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 133632 c:\windows\system32\WPDShServiceObj.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 154624 c:\windows\system32\wpdmtp.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 629760 c:\windows\system32\wpd_ci.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 656896 c:\windows\system32\WMVXENCD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 767488 c:\windows\system32\WMVSENCD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 603648 c:\windows\system32\WMSPDMOD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 204288 c:\windows\system32\wmpsrcwp.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 130048 c:\windows\system32\wmpps.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 613376 c:\windows\system32\wmpmde.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 295936 c:\windows\system32\wmpeffects.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 314880 c:\windows\system32\wmpdxm.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 242688 c:\windows\system32\wmpasf.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 937984 c:\windows\system32\WMNetMgr.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 157184 c:\windows\system32\wmidx.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 227328 c:\windows\system32\wmerror.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 535040 c:\windows\system32\wmdrmsdk.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 348672 c:\windows\system32\wmdrmnet.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 429056 c:\windows\system32\wmdrmdev.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 222208 c:\windows\system32\wmasf.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 757248 c:\windows\system32\wmadmod.dll
+ 2009-04-28 17:21 . 2009-03-10 20:18 323072 c:\windows\system32\WgaTray.exe
+ 2009-04-28 17:21 . 2009-03-10 20:18 190464 c:\windows\system32\WgaLogon.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 211456 c:\windows\system32\qasf.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 199168 c:\windows\system32\PortableDeviceWMDRM.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 132096 c:\windows\system32\PortableDeviceWiaCompat.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 166912 c:\windows\system32\PortableDeviceTypes.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 101888 c:\windows\system32\PortableDeviceClassExtension.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 284160 c:\windows\system32\PortableDeviceApi.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 321536 c:\windows\system32\mswmdm.dll
+ 2004-08-03 22:57 . 2006-10-18 20:47 414208 c:\windows\system32\msscp.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 175616 c:\windows\system32\mspmsp.dll
+ 2004-08-03 22:57 . 2006-10-18 19:47 179712 c:\windows\system32\msnetobj.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 259072 c:\windows\system32\MPG4DECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 317440 c:\windows\system32\MP4SDECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 259072 c:\windows\system32\MP43DECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 212992 c:\windows\system32\MFPLAT.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-03 22:56 . 2006-10-18 18:03 100864 c:\windows\system32\logagent.exe
+ 2004-08-03 22:57 . 2006-10-18 19:47 991744 c:\windows\system32\drmv2clt.dll
+ 2006-10-18 18:00 . 2006-10-18 18:00 249856 c:\windows\system32\drmupgds.exe
+ 2006-10-18 19:47 . 2006-10-18 19:47 671232 c:\windows\system32\drivers\UMDF\wpdmtpdr.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 603648 c:\windows\system32\dllcache\WMSPDMOD.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 314880 c:\windows\system32\dllcache\wmpdxm.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 242688 c:\windows\system32\dllcache\wmpasf.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 937984 c:\windows\system32\dllcache\WMNetMgr.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 157184 c:\windows\system32\dllcache\wmidx.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 227328 c:\windows\system32\dllcache\wmerror.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 222208 c:\windows\system32\dllcache\WMASF.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 757248 c:\windows\system32\dllcache\WMADMOD.dll
+ 2004-08-03 22:56 . 2006-11-01 16:31 315904 c:\windows\system32\dllcache\unregmp2.exe
+ 2004-08-03 22:56 . 2006-10-18 19:47 211456 c:\windows\system32\dllcache\qasf.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 321536 c:\windows\system32\dllcache\mswmdm.dll
+ 2004-08-03 22:57 . 2006-10-18 20:47 414208 c:\windows\system32\dllcache\msscp.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 175616 c:\windows\system32\dllcache\mspmsp.dll
+ 2004-08-03 22:57 . 2006-10-18 19:47 179712 c:\windows\system32\dllcache\msnetobj.dll
+ 2006-11-16 16:16 . 2006-10-18 19:47 243712 c:\windows\system32\dllcache\mpvis.dll
+ 2004-08-03 22:56 . 2006-10-18 18:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2004-08-03 22:57 . 2006-10-18 19:47 991744 c:\windows\system32\dllcache\drmv2clt.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 229376 c:\windows\system32\dllcache\cewmdm.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 542720 c:\windows\system32\dllcache\blackbox.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 229376 c:\windows\system32\cewmdm.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 542720 c:\windows\system32\blackbox.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 276992 c:\windows\system32\audiodev.dll
+ 2004-08-03 22:56 . 2006-11-01 16:31 315904 c:\windows\inf\unregmp2.exe
+ 2005-03-01 12:08 . 2005-03-01 12:08 118784 c:\windows\Downloaded Program Files\bdupd.dll
+ 2004-12-07 14:07 . 2009-04-28 12:35 142848 c:\windows\BDOSCAN8\libfn.dll
+ 2005-03-01 12:08 . 2005-03-01 12:08 118784 c:\windows\BDOSCAN8\bdupd.dll
+ 2004-12-07 14:07 . 2009-04-28 12:34 102400 c:\windows\BDOSCAN8\bdcore.dll
+ 2007-04-13 00:29 . 2005-06-28 08:23 371424 c:\windows\$NtUninstallKB929399$\spuninst\_000003_.tmp.dll
+ 2007-04-13 00:29 . 2005-06-28 08:23 213216 c:\windows\$NtUninstallKB929399$\spuninst\_000000_.tmp.dll
+ 2006-12-06 11:00 . 2005-06-28 09:23 371424 c:\windows\$NtUninstallKB917734_WMP9$\spuninst\_000003_.tmp.dll
+ 2006-12-06 11:00 . 2005-06-28 09:23 213216 c:\windows\$NtUninstallKB917734_WMP9$\spuninst\_000000_.tmp.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 2603008 c:\windows\system32\WpdShext.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1382912 c:\windows\system32\WMVSDECD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1574912 c:\windows\system32\WMVENCOD.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1543680 c:\windows\system32\WMVDECOD.dll
+ 2004-08-03 22:57 . 2006-10-18 19:47 2450944 c:\windows\system32\wmvcore.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 1329152 c:\windows\system32\WMSPDMOE.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 8231936 c:\windows\system32\wmploc.dll
+ 2006-10-18 19:47 . 2006-10-18 19:47 1661440 c:\windows\system32\wmpencen.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 1117696 c:\windows\system32\WMADMOE.dll
+ 2009-04-28 17:21 . 2009-03-10 20:18 1481728 c:\windows\system32\LegitCheckControl.dll
+ 2004-08-03 22:57 . 2006-10-18 19:47 2450944 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 1329152 c:\windows\system32\dllcache\WMSPDMOE.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 8231936 c:\windows\system32\dllcache\wmploc.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 1117696 c:\windows\system32\dllcache\WMADMOE.dll
+ 2006-11-16 16:16 . 2006-11-01 16:31 1669120 c:\windows\system32\dllcache\setup_wm.exe
+ 2004-08-03 22:56 . 2006-10-18 19:47 10834432 c:\windows\system32\wmp.dll
+ 2004-08-03 22:56 . 2006-10-18 19:47 10834432 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-03-19 801904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-19 185896]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-01-11 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-09 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\xxx\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe [2007-6-1 720896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"WinampAgent"=c:\program files\Winamp\winampa.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe"
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"TWCU"="c:\program files\TP-LINK\TWCU\TWCU.exe" -nogui
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Programi\\uTorrent.exe"=
"c:\\Documents and Settings\\xxx\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Flock\\flock.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 WRConsumerService;Webroot Client Service; [x]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\Malwarebytes' Scheduled Scan for xxx.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-20 13:32]

2009-04-24 c:\windows\Tasks\Malwarebytes' Scheduled Update for xxx.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-20 13:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
TCP: {332F18D5-1A81-48F3-9570-CBCEC72E7980} = 195.252.122.154
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-28 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-117609710-562591055-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:01,d7,9d,16,d1,ed,9d,a9,ab,00,d0,51,f7,2a,44,df,fb,39,a5,ee,29,
cd,49,15,d5,8d,0b,c6,d8,08,f7,a6,5b,a3,56,7e,9a,52,54,19,dc,28,ee,e3,81,91,\
"rkeysecu"=hex:87,dd,bc,25,c7,7c,00,40,07,4a,2b,38,f2,54,ed,91

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ff,b7,d0,40,c1,3c,33,74,7d,79,2d,9e,74,cb,41,d6,70,fe,75,10,e4,
46,c9,8e,5f,64,74,99,b6,75,e8,e5,29,b2,4d,cc,1d,8a,33,f3,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9f,e5,68,a8,99,c4,fc,97,2b,b5,31,c6,59,f4,42,0c,ff,62,6f,cb,a2,
29,f7,dd,8d,66,42,77,21,53,8e,77,4e,23,5c,8c,b2,72,5e,28,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{89d8de28-60b7-4d33-9965-269e32426821}]
@Denied: (Full) (Everyone)
"Model"=dword:000000b1
"Therad"=dword:00000020
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,30,e2,5c,65,1b,80,a4,1f,d1,e5,bd,4d,4b,50,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{eed6e8dd-528e-4142-9f0d-b7f2d6e075fc}]
@Denied: (Full) (Everyone)
"Model"=dword:00000127
"Therad"=dword:00000015
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-28 19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 17:58
ComboFix2.txt 2009-04-28 12:16
ComboFix3.txt 2009-04-21 09:38
ComboFix4.txt 2009-04-16 21:19

Pre-Run: 4.027.736.064 bytes free
Post-Run: 4.026.007.552 bytes free

342 --- E O F --- 2007-08-11 01:12

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This should now be clean.


Uninstalling ComboFix:
Click START and then RUN.

In the text entry field type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

That's all.

  • Joined: 16 Apr 2009
  • Posts: 7

OK, I'll do that too, I hope everything will be fine! Thanks a lot ;)
