Poslao: 09 Mar 2009 21:01
|
offline
- gorance
- Građanin
- Pridružio: 10 Maj 2005
- Poruke: 273
- Gde živiš: Beograd
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:00, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\GORANCE\Desktop\guty\tr3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozzart.rs/index.jsp
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{05090535-139C-492D-8339-C438BE9B03A5}: NameServer = 212.124.160.1,82.117.194.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C324343-A816-476C-ADED-701895CD52AA}: NameServer = 212.124.160.1,212.124.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05090535-139C-492D-8339-C438BE9B03A5}: NameServer = 212.124.160.1,82.117.194.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{05090535-139C-492D-8339-C438BE9B03A5}: NameServer = 212.124.160.1,82.117.194.2
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4848 bytes
u fajlu C:\WINDOWS\system32\csrcs.exe kaze da ima
win32/Packed.Autoin.Gen aplication
i jos jedan
C:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsg.vmx
win32/Conficker.AL.worm
NOD ga vidi ali kad ga obrisem pokaze mi na ekranu da windowsu hvali csrcs.exe
Hvala unapred
|
|
|
|
|
Poslao: 09 Mar 2009 21:56
|
offline
- gorance
- Građanin
- Pridružio: 10 Maj 2005
- Poruke: 273
- Gde živiš: Beograd
|
ComboFix 09-03-06.02 - GORANCE 2009-03-09 21:43:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.587 [GMT 1:00]
Running from: c:\documents and settings\GORANCE\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
c:\windows\system32\azip32.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-08 20:00 . 2009-03-08 20:00 0 -rahs---- C:\kht
2009-03-08 19:58 . 2009-03-08 19:58 1,191 -rahs---- c:\windows\system32\autorun.in
2009-03-08 19:58 . 2009-03-08 19:58 1,178 -rahs---- c:\windows\system32\autorun.i
2009-03-07 00:00 . 2009-03-07 00:00 <DIR> d-------- C:\Programas
2009-03-06 23:59 . 2009-03-06 23:59 <DIR> d-------- c:\documents and settings\GORANCE\Application Data\ESET
2009-03-06 23:58 . 2009-03-07 00:28 <DIR> d-------- c:\program files\ESET
2009-03-06 21:58 . 2009-03-06 23:39 <DIR> d-------- c:\program files\COMODO
2009-03-06 21:58 . 2009-03-06 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Comodo
2009-03-06 21:42 . 2009-03-06 21:43 <DIR> d-------- c:\windows\Internet Logs
2009-03-06 20:56 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-28 01:00 . 2009-03-05 19:55 <DIR> d-------- c:\program files\Winamp
2009-02-20 03:24 . 2009-02-20 03:24 <DIR> d-------- c:\program files\Readon Technology
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\documents and settings\GORANCE\Application Data\Participatory Culture Foundation
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 01:24 --------- d-----w c:\documents and settings\GORANCE\Application Data\AIMP
2009-03-06 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-06 19:46 --------- d-----w c:\documents and settings\GORANCE\Application Data\Lavasoft
2009-02-10 18:48 --------- d-----w c:\program files\AIMP2
2009-02-02 22:06 --------- d-----w c:\documents and settings\GORANCE\Application Data\Free Download Manager
2009-02-02 20:32 --------- d-----w c:\program files\Ahead
2009-02-02 20:31 --------- d-----w c:\program files\Common Files\Ahead
2009-01-30 01:18 737,280 ----a-w c:\windows\iun6002.exe
2009-01-23 19:23 --------- d-----w c:\program files\GonVisor
2002-12-31 12:00 167,403 --sha-r c:\windows\system32\xxykeecp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-04-30 962560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 657168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 10:00 8704 c:\windows\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.GEOX"= GeoCodec.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4612:TCP"= 4612:TCP:WWW
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-12-28 62824]
S2 dzgprm;dzgprm;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 enxdt;Helper Boot;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S2 trezifvna;Support Monitor;c:\windows\system32\svchost.exe -k netsvcs [2002-12-31 14336]
S3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [2007-05-30 86144]
S3 hewtr;hewtr;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-05 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-05 8320]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dzgprm
trezifvna
enxdt
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{259a9265-c7b6-11dc-9a98-0011679a5baa}]
\Shell\AutoRun\command - F:\yew.bat
\Shell\explore\Command - F:\yew.bat
\Shell\open\Command - F:\yew.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f140e04-bf2b-11dc-9a92-0011679a5baa}]
\Shell\AutoRun\command - F:\krg62.cmd
\Shell\explore\Command - F:\krg62.cmd
\Shell\open\Command - F:\krg62.cmd
.
- - - - ORPHANS REMOVED - - - -
BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL
Toolbar-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-BSplayer_WhenUSave_Installer - c:\program files\BSplayer_WhenUSave_Installer\BSplayer_WhenUSave_Installer.exe
MSConfigStartUp-slide - c:\program files\Slide\Slide.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mozzart.rs/index.jsp
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
TCP: {05090535-139C-492D-8339-C438BE9B03A5} = 212.124.160.1,82.117.194.2
TCP: {1C324343-A816-476C-ADED-701895CD52AA} = 212.124.160.1,212.124.160.2
FF - ProfilePath - c:\documents and settings\GORANCE\Application Data\Mozilla\Firefox\Profiles\dxwpyqaj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xscores.com/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 21:44:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hewtr]
"ImagePath"="\??\c:\windows\system32\01.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\enxdt]
"ServiceDll"="c:\windows\system32\xxykeecp.dll"
--
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\trezifvna]
"ServiceDll"="c:\windows\system32\xxykeecp.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
Completion time: 2009-03-09 21:46:09
ComboFix-quarantined-files.txt 2009-03-09 20:45:58
Pre-Run: 31,219,974,144 bytes free
Post-Run: 31,209,508,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
159
|
|
|
|
|
Poslao: 09 Mar 2009 22:37
|
offline
- gorance
- Građanin
- Pridružio: 10 Maj 2005
- Poruke: 273
- Gde živiš: Beograd
|
Pa otprilike znam kako ali ne znam sta :-) gledao sam malo po ovoj temi pa zapazio da prvo mora sve ovo.
Nece izbaci ovo
Were you trying run CFScript?
The name,CFScript appears to be incorect spelt
|
|
|
|
Poslao: 09 Mar 2009 22:44
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Kao što piše: ime nije dobro napisano. File treba da se zove CFScript (ili, ako ti je aktiviran prikaz ekstenzija, CFScript.txt).
Probaj ponovo...
|
|
|
|
Poslao: 09 Mar 2009 22:48
|
offline
- gorance
- Građanin
- Pridružio: 10 Maj 2005
- Poruke: 273
- Gde živiš: Beograd
|
ComboFix 09-03-06.02 - GORANCE 2009-03-09 22:35:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.601 [GMT 1:00]
Running from: c:\documents and settings\GORANCE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\GORANCE\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
C:\kht
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\xxykeecp.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\kht
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\xxykeecp.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DZGPRM
-------\Legacy_ENXDT
-------\Legacy_HEWTR
-------\Legacy_TREZIFVNA
-------\Service_dzgprm
-------\Service_enxdt
-------\Service_hewtr
-------\Service_trezifvna
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-07 00:00 . 2009-03-07 00:00 <DIR> d-------- C:\Programas
2009-03-06 23:59 . 2009-03-06 23:59 <DIR> d-------- c:\documents and settings\GORANCE\Application Data\ESET
2009-03-06 23:58 . 2009-03-07 00:28 <DIR> d-------- c:\program files\ESET
2009-03-06 21:58 . 2009-03-06 23:39 <DIR> d-------- c:\program files\COMODO
2009-03-06 21:58 . 2009-03-06 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Comodo
2009-03-06 21:42 . 2009-03-06 21:43 <DIR> d-------- c:\windows\Internet Logs
2009-03-06 20:56 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-28 01:00 . 2009-03-05 19:55 <DIR> d-------- c:\program files\Winamp
2009-02-20 03:24 . 2009-02-20 03:24 <DIR> d-------- c:\program files\Readon Technology
2009-02-14 00:04 . 2009-02-14 00:04 <DIR> d-------- c:\documents and settings\GORANCE\Application Data\Participatory Culture Foundation
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 01:24 --------- d-----w c:\documents and settings\GORANCE\Application Data\AIMP
2009-03-06 22:58 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-06 19:46 --------- d-----w c:\documents and settings\GORANCE\Application Data\Lavasoft
2009-02-10 18:48 --------- d-----w c:\program files\AIMP2
2009-02-02 22:06 --------- d-----w c:\documents and settings\GORANCE\Application Data\Free Download Manager
2009-02-02 20:32 --------- d-----w c:\program files\Ahead
2009-02-02 20:31 --------- d-----w c:\program files\Common Files\Ahead
2009-01-30 01:18 737,280 ----a-w c:\windows\iun6002.exe
2009-01-23 19:23 --------- d-----w c:\program files\GonVisor
.
((((((((((((((((((((((((((((( SnapShot@2009-03-09_21.44.37.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"Free Uploader Oe Integration"="c:\program files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 40960]
"IE Privacy Keeper"="c:\program files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" [2005-04-30 962560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-06-06 657168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 10:00 8704 c:\windows\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.GEOX"= GeoCodec.dll
"msacm.l3fhg"= mp3fhg.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4612:TCP"= 4612:TCP:WWW
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2008-12-28 62824]
S3 acfva;acfva;c:\windows\system32\drivers\acfva.sys [2007-05-30 86144]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-12-05 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-12-05 8320]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mozzart.rs/index.jsp
uInternet Settings,ProxyOverride = <local>
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - c:\program files\Free Download Manager\FUM\fumiebtn.dll
TCP: {05090535-139C-492D-8339-C438BE9B03A5} = 212.124.160.1,82.117.194.2
TCP: {1C324343-A816-476C-ADED-701895CD52AA} = 212.124.160.1,212.124.160.2
FF - ProfilePath - c:\documents and settings\GORANCE\Application Data\Mozilla\Firefox\Profiles\dxwpyqaj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.xscores.com/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 22:40:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-117609710-1060284298-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-09 22:42:38 - machine was rebooted [GORANCE]
ComboFix-quarantined-files.txt 2009-03-09 21:42:34
ComboFix2.txt 2009-03-09 20:46:11
Pre-Run: 31,197,831,168 bytes free
Post-Run: 31,151,435,776 bytes free
149
Video sam ali kasno kad sam se iznervirao sto sam seronja :-)
|
|
|
|
Poslao: 09 Mar 2009 22:56
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Odradi skeniranje diska antivirusom. Da li sada detektuje nešto što ne može da obriše?
Imaš li neki USB flash drive?
|
|
|
|
|
|