- TheMeet
- New MyCity citizen
- Joined: 03 Dec 2007
- Posts: 26
ComboFix 07-12-21.4 - dmitko 2007-12-22 2:17:16.1 - NTFSx86
Running from: D:\Documents and Settings\dmitko\My Documents\Programi\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\dmitko\ravmonlog
D:\WINDOWS\cookies.ini
D:\WINDOWS\system32\9_exception.nls
D:\WINDOWS\system32\awtrqom.dll
D:\WINDOWS\system32\byxyyvt.dll
D:\WINDOWS\system32\cbxwxyx.dll
D:\WINDOWS\system32\drivers\ip6fw.sys
D:\WINDOWS\system32\drivers\Qxe85.sys
D:\WINDOWS\system32\drivers\sfsync02.sys
D:\WINDOWS\system32\fjtncady.exe
D:\WINDOWS\system32\gebabay.dll
D:\WINDOWS\system32\hvdbuhal.dll
D:\WINDOWS\system32\iifdbxw.dll
D:\WINDOWS\system32\intbddun.ini
D:\WINDOWS\system32\jilnn.bak1
D:\WINDOWS\system32\jilnn.bak2
D:\WINDOWS\system32\jilnn.ini
D:\WINDOWS\system32\jilnn.tmp
D:\WINDOWS\system32\lktcftvf.exe
D:\WINDOWS\system32\lmmoq.bak1
D:\WINDOWS\system32\lmmoq.bak2
D:\WINDOWS\system32\lmmoq.ini
D:\WINDOWS\system32\mljgfde.dll
D:\WINDOWS\system32\nnnollj.dll
D:\WINDOWS\system32\nuddbtni.dll
D:\WINDOWS\system32\odkwgrmy.dll
D:\WINDOWS\system32\opnkihe.dll
D:\WINDOWS\system32\pkycukwd.exe
D:\WINDOWS\system32\qomml.dll
D:\WINDOWS\system32\qqtrmrxv.exe
D:\WINDOWS\system32\qymeapii.dll
D:\WINDOWS\system32\rqrrqol.dll
D:\WINDOWS\system32\ssqropn.dll
D:\WINDOWS\system32\ubvkadux.dll
D:\WINDOWS\system32\vturssq.dll
D:\WINDOWS\system32\wvuustr.dll
D:\WINDOWS\system32\xnyonwxd.dllbox
D:\WINDOWS\system32\xudakvbu.ini
D:\WINDOWS\system32\xxyyxyw.dll
D:\WINDOWS\system32\yayxxvu.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_POWERMANAGER
-------\LEGACY_QXE85
-------\LEGACY_RUNTIME
-------\LEGACY_SFSYNC02
-------\DomainService
-------\Qxe85
-------\runtime
-------\sfsync02
((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
.
2007-12-22 02:04 . 2007-12-22 02:04 7,168 --a------ D:\WINDOWS\system32\windows
2007-12-20 23:18 . 2007-12-20 23:18 165,472 --a------ D:\WINDOWS\system32\xnyonwxd.dll
2007-12-20 23:18 . 2007-12-20 23:18 165,472 --a------ D:\WINDOWS\system32\rjnnwcen.dll
2007-12-20 03:50 . 2007-12-22 02:39 21,760 --a------ D:\WINDOWS\Qxe85.sys
2007-12-19 16:31 . 2007-12-20 23:17 987,881 --ahs---- D:\WINDOWS\system32\jqsiaarq.ini
2007-12-18 22:41 . 2007-12-18 22:41 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-18 22:41 . 2007-12-18 22:41 1,409 --a------ D:\WINDOWS\QTFont.for
2007-12-18 18:05 . 2007-12-18 18:05 39,936 --a------ D:\WINDOWS\system32\yaywwwv.dll
2007-12-18 00:37 . 1999-11-12 21:49 294,912 --a------ D:\WINDOWS\system32\iviaudio.ax
2007-12-18 00:37 . 2000-05-07 22:08 34,816 --a------ D:\WINDOWS\system32\mpgaudio.ax
2007-12-18 00:37 . 2002-05-21 17:14 4,286 --a------ D:\WINDOWS\system32\divx.ico
2007-12-18 00:33 . 2007-12-18 00:33 <DIR> d-------- D:\Program Files\The Playa
2007-12-18 00:33 . 2007-12-18 00:33 <DIR> d-------- D:\Program Files\DivXCodec
2007-12-18 00:10 . 2007-12-18 00:15 <DIR> d-------- D:\Program Files\ACE Mega CoDecS Pack
2007-12-17 14:37 . 2007-12-17 15:02 <DIR> d-------- D:\VundoFix Backups
2007-12-17 13:46 . 2007-12-17 13:53 89,608 --ahs---- D:\WINDOWS\system32\jilnn.tmp2
2007-12-17 12:09 . 2007-12-17 12:09 <DIR> d-------- D:\Program Files\Trend Micro
2007-12-17 08:28 . 2007-12-17 10:56 970,374 --ahs---- D:\WINDOWS\system32\dlduusrn.ini
2007-12-16 20:08 . 2007-12-17 08:24 970,374 --ahs---- D:\WINDOWS\system32\ymkegvty.ini
2007-12-16 19:48 . 2007-12-18 22:40 <DIR> d-------- D:\Program Files\MicroDVD
2007-12-16 19:47 . 2001-01-24 03:28 412,160 -ra------ D:\WINDOWS\system32\DivXc32.dll
2007-12-16 19:47 . 2000-12-21 15:40 300,544 -ra------ D:\WINDOWS\system32\l3codeca.acm
2007-12-16 19:47 . 2000-12-29 13:58 287,744 -ra------ D:\WINDOWS\system32\DivXa32.acm
2007-12-16 19:47 . 2000-12-21 15:34 239,616 -ra------ D:\WINDOWS\system32\DivX_c32.ax
2007-12-16 19:47 . 2001-01-24 03:05 121,856 -ra------ D:\WINDOWS\system32\Mp3cnfg.cpl
2007-12-16 19:47 . 2001-01-24 03:12 19,456 -ra------ D:\WINDOWS\system32\Mp3cnfg.exe
2007-12-16 19:40 . 2007-12-16 19:57 970,374 --ahs---- D:\WINDOWS\system32\hnrtbtsr.ini
2007-12-16 12:37 . 2007-12-16 15:39 970,494 --ahs---- D:\WINDOWS\system32\inuafavy.ini
2007-12-16 01:31 . 2007-12-16 12:27 354 --ahs---- D:\WINDOWS\system32\wihstsha.ini
2007-12-16 01:10 . 2007-12-16 01:10 970,494 --ahs---- D:\WINDOWS\system32\hcjfuqwn.ini
2007-12-16 00:09 . 2007-12-16 01:11 970,434 --ahs---- D:\WINDOWS\system32\saehnvgj.ini
2007-12-15 21:54 . 2007-12-16 00:00 970,434 --ahs---- D:\WINDOWS\system32\abmorgku.ini
2007-12-15 21:46 . 2007-12-15 21:46 294 --ahs---- D:\WINDOWS\system32\tixvkalc.ini
2007-12-15 20:49 . 2007-12-15 20:49 970,314 --ahs---- D:\WINDOWS\system32\xeymlsou.ini
2007-12-15 18:25 . 2007-12-15 20:38 970,374 --ahs---- D:\WINDOWS\system32\ylwhnivo.ini
2007-12-15 18:16 . 2007-12-15 18:16 294 --ahs---- D:\WINDOWS\system32\csbhbimu.ini
2007-12-15 16:55 . 2007-12-15 18:04 959,812 --ahs---- D:\WINDOWS\system32\cbwnquxx.ini
2007-12-15 02:17 . 2007-12-15 16:42 952,503 --ahs---- D:\WINDOWS\system32\gbrkghjy.ini
2007-12-15 01:56 . 2007-12-15 02:12 952,383 --ahs---- D:\WINDOWS\system32\nuynrsnd.ini
2007-12-15 01:35 . 2007-12-15 01:47 952,263 --ahs---- D:\WINDOWS\system32\vbwbrohq.ini
2007-12-15 01:30 . 2007-12-14 17:12 57,662 --a------ D:\WINDOWS\system32\fx.exe
2007-12-15 01:30 . 2004-03-05 07:01 31,232 --a------ D:\WINDOWS\system32\pv.exe
2007-12-15 01:19 . 2007-12-15 01:19 23,392 --a------ D:\WINDOWS\system32\nscompat.tlb
2007-12-15 01:19 . 2007-12-15 01:19 16,832 --a------ D:\WINDOWS\system32\amcompat.tlb
2007-12-14 02:00 . 2007-12-14 20:24 952,443 --ahs---- D:\WINDOWS\system32\odecsmfb.ini
2007-12-13 21:59 . 2007-12-13 21:59 934,158 --ahs---- D:\WINDOWS\system32\ljwqgubq.ini
2007-12-13 21:43 . 2007-12-13 21:43 934,158 --ahs---- D:\WINDOWS\system32\fkgwiixu.ini
2007-12-13 21:15 . 2007-12-14 20:31 <DIR> d-------- D:\Program Files\eMule
2007-12-13 21:02 . 2007-12-13 21:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Avira
2007-12-13 18:25 . 2007-12-18 22:21 <DIR> d-------- D:\Program Files\SuperCleaner
2007-12-13 15:39 . 2007-12-13 15:39 932,547 --ahs---- D:\WINDOWS\system32\nuvbicak.ini
2007-12-13 13:49 . 2007-12-13 15:39 933,602 --ahs---- D:\WINDOWS\system32\jfrscxqi.ini
2007-12-13 00:41 . 2007-03-08 00:51 9,336 --------- D:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-13 00:40 . 2007-03-08 00:51 129,784 --a------ D:\WINDOWS\system32\pxafs.dll
2007-12-13 00:40 . 2007-03-08 00:51 9,464 --------- D:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-12 23:46 . 2007-12-13 13:43 917,073 --ahs---- D:\WINDOWS\system32\eagxbwne.ini
2007-12-12 20:35 . 2007-12-12 23:40 916,953 --ahs---- D:\WINDOWS\system32\ybpktavb.ini
2007-12-12 19:08 . 2007-12-12 19:08 922,721 --ahs---- D:\WINDOWS\system32\eoslriix.ini
2007-12-12 15:45 . 2007-12-12 19:08 917,073 --ahs---- D:\WINDOWS\system32\sakmbjhk.ini
2007-12-12 01:18 . 2007-12-12 01:18 <DIR> d-------- D:\Program Files\Windows Live
2007-12-12 01:18 . 2007-12-12 20:33 <DIR> d-------- D:\Program Files\MessengerDiscovery
2007-12-12 01:18 . 2004-03-09 00:00 212,240 --a------ D:\WINDOWS\system32\richtx32.OCX
2007-12-12 01:18 . 2004-03-09 00:00 124,688 --a------ D:\WINDOWS\system32\MSWINSCK.ocx
2007-12-11 18:06 . 2007-12-12 15:39 913,022 --ahs---- D:\WINDOWS\system32\gbghqqcb.ini
2007-12-11 00:08 . 2007-12-13 18:34 <DIR> d-------- D:\Program Files\Engineering Power Tools - v1.9.6
2007-12-11 00:08 . 1997-01-16 00:00 958,224 --a------ D:\WINDOWS\system32\MSCHART.OCX
2007-12-11 00:08 . 2004-03-09 00:00 609,824 --a------ D:\WINDOWS\system32\COMCTL32.ocx
2007-12-11 00:08 . 1997-01-14 00:00 519,680 --a------ D:\WINDOWS\system32\DBGRID32.OCX
2007-12-11 00:08 . 1998-06-24 00:00 164,144 --a------ D:\WINDOWS\system32\COMCT232.OCX
2007-12-11 00:08 . 1997-01-16 00:00 71,680 --a------ D:\WINDOWS\ST5UNST.EXE
2007-12-11 00:08 . 1997-01-16 00:00 29,696 --a------ D:\WINDOWS\system32\VB5StKit.dll
2007-12-10 12:54 . 2007-12-10 19:46 858,884 --ahs---- D:\WINDOWS\system32\nfenxfdj.ini
2007-12-06 18:39 . 2007-12-21 21:37 <DIR> d-------- D:\Documents and Settings\dmitko\Application Data\U3
2007-12-05 00:08 . 2007-12-04 23:06 46,592 -rahs---- D:\WINDOWS\system32\wnpmcs.exe
2007-12-03 16:19 . 2007-12-14 20:28 <DIR> d-------- D:\Program Files\Windows Media Connect 2
2007-12-03 16:16 . 2007-12-03 16:16 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2007-12-03 16:16 . 2007-12-03 16:18 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2007-12-02 23:42 . 2007-12-07 11:26 <DIR> d-------- D:\Program Files\Macrogaming
2007-12-02 20:36 . 2001-11-30 19:05 131,072 --a------ D:\WINDOWS\system32\dzip32.dll
2007-12-02 20:36 . 2001-11-30 19:05 110,592 --a------ D:\WINDOWS\system32\dunzip32.dll
2007-12-02 20:35 . 2007-12-02 20:36 <DIR> d-------- D:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-24 20:48 . 2007-12-05 00:16 <DIR> d-------- D:\Program Files\MySpace
2007-11-24 20:48 . 2007-11-24 20:48 <DIR> d-------- D:\Documents and Settings\dmitko\Application Data\MySpace
Addendum: 22 Dec 2007 2:56
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 23:20 98,304 ----a-w D:\WINDOWS\system32\qttask.exe
2007-12-17 23:19 --------- d-----w D:\Program Files\QuickTime
2007-12-17 22:58 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-16 18:42 91,136 ----a-w D:\WINDOWS\system32\mp4fil32.dll
2007-12-16 18:42 --------- d-----w D:\Program Files\DivX
2007-12-13 17:34 --------- d-----w D:\Documents and Settings\dmitko\Application Data\Azureus
2007-12-13 16:51 --------- d-----w D:\Program Files\MSN Messenger
2007-12-13 14:47 --------- d-----w D:\Program Files\Windows Live Toolbar
2007-12-13 14:46 --------- d-----w D:\Program Files\Winamp
2007-12-02 22:37 --------- d-----w D:\Program Files\Opera
2007-11-19 13:50 --------- d-----w D:\Program Files\Common Files\Adobe
2007-11-18 19:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\Barbie Fashion Show
2007-11-14 23:28 --------- d-----w D:\Documents and Settings\dmitko\Application Data\Apple Computer
2007-11-14 17:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-14 17:21 --------- d-----w D:\Program Files\Apple Software Update
2007-11-14 17:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 00:37 --------- d-----w D:\Documents and Settings\All Users\Application Data\ESET
2007-11-08 19:57 --------- d-----w D:\Program Files\MT882
2007-11-08 19:51 155,995 ----a-w D:\WINDOWS\java\Packages\KFLNLFDR.ZIP
2007-11-08 19:31 --------- d-----w D:\Program Files\Kaspersky Lab
2007-11-08 18:20 --------- d-----w D:\Program Files\CCleaner
2007-11-05 11:06 30,728 ----a-w D:\WINDOWS\system32\drivers\epfwtdir.sys
2007-11-05 11:04 33,800 ----a-w D:\WINDOWS\system32\drivers\eamon.sys
2007-11-05 11:04 27,656 ----a-w D:\WINDOWS\system32\drivers\easdrv.sys
2007-10-31 18:03 --------- d-----w D:\Program Files\MSXML 4.0
2007-10-31 15:52 45,056 ----a-w D:\WINDOWS\NCUNINST.EXE
2007-10-30 19:36 --------- d-----w D:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-30 18:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-30 15:18 --------- d-----w D:\Documents and Settings\dmitko\Application Data\SumatraPDF
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w D:\WINDOWS\system32\wmasf.dll
2001-11-23 04:08 712,704 ----a-w D:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A68D6C76-7CD8-4D95-97F5-9705223560A2}]
D:\WINDOWS\system32\nnlij.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-12-20 23:18 165472 --a------ D:\WINDOWS\system32\xnyonwxd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 00:54]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Sony Ericsson PC Suite"="D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"Windows Remote Launcher"="wnpmcs.exe" [2007-12-04 23:06 D:\WINDOWS\system32\wnpmcs.exe]
"egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-05 12:05]
"QuickTime Task"="D:\WINDOWS\system32\qttask.exe" [2007-12-18 00:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xnyonwxd]
xnyonwxd.dll 2007-12-20 23:18 165472 D:\WINDOWS\system32\xnyonwxd.dll
R1 easdrv;easdrv;D:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-11-05 12:04]
R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-05 12:06]
R2 eamon;EAMON;D:\WINDOWS\system32\DRIVERS\eamon.sys [2007-11-05 12:04]
R2 ekrn;Eset Service;"D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe" [2007-11-05 12:05]
R3 iadusb;MT882;D:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S3 EhttpSrv;Eset HTTP Server;"D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe" [2007-11-05 12:07]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);D:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 20:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;D:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-11-25 12:29]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;D:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-11-25 12:29]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);D:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-11-25 12:29]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;D:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-11-25 12:29]
S3 NtApm;NT Apm/Legacy Interface Driver;D:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 14:47]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"D:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 16:46:05 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2007-12-22 02:42:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\xnyonwxd.dll
PROCESS: D:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> D:\WINDOWS\system32\xnyonwxd.dll
.
Completion time: 2007-12-22 2:46:06 - machine was rebooted
.
2007-12-20 02:07:06 --- E O F ---