Help with the computer

  • Joined: 30 Dec 2008
  • Posts: 11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:36, on 30.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AirLive\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Documents and Settings\pc\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = a2articles.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqNHYRl.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {904322CC-B97F-419C-B287-7395D0F52F31} - C:\WINDOWS\system32\nnnoOggG.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [50ac6653] rundll32.exe "C:\WINDOWS\system32\vxrjsphj.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\pc\Application Data\gadcom\gadcom.exe" 61A847B5BBF72810359A3E466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [33774561452557204126725848167801] C:\Program Files\A360\av360.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F026372C-58E5-43BC-9767-3F9F7FFA3CE2}: NameServer = 87.250.98.250 208.67.222.222
O20 - Winlogon Notify: urqNHYRl - C:\WINDOWS\SYSTEM32\urqNHYRl.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 6874 bytes
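As an added illustration (not part of this thread, and not something HijackThis or ComboFix does), the following Python pass runs a few review heuristics over lines copied from the log above. The heuristics themselves (eight-letter random-looking DLL stems, unnamed or file-less BHOs, Run values with hex names, no full path, or a rundll32 loader, and any Winlogon Notify entry) are assumptions of this example and only mark lines for a human to look at, much as the helper did before writing the CFScript.

```python
import re

# Constructed sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\urqNHYRl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {904322CC-B97F-419C-B287-7395D0F52F31} - C:\WINDOWS\system32\nnnoOggG.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Mjcore\Mjcore.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [50ac6653] rundll32.exe "C:\WINDOWS\system32\vxrjsphj.dll",b
O4 - HKCU\..\Run: [33774561452557204126725848167801] C:\Program Files\A360\av360.exe
O20 - Winlogon Notify: urqNHYRl - C:\WINDOWS\SYSTEM32\urqNHYRl.dll
"""

# "\name.dll" or "\name.exe" anywhere in the line: captures the file stem.
STEM_RE = re.compile(r"\\([A-Za-z0-9_]+)\.(?:dll|exe)\b", re.I)
# Run value names made only of hex digits / digits, like [50ac6653] above.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)
# "[value name] command line" part of an O4 entry.
O4_RE = re.compile(r"\[([^\]]+)\]\s*(.*)")


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example): eight letters with a
    lowercase-to-uppercase jump or with no vowels at all, e.g. urqNHYRl
    or vxrjsphj. It will also flag some legitimate files, so treat a hit
    as a prompt to check the file, not as a verdict."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    return bool(re.search(r"[a-z][A-Z]", stem)) or not re.search(r"[aeiou]", stem, re.I)


def triage(lines):
    """Return [(line, [reason, ...])] for the lines worth a human look."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]  # "O2", "O4", "O20", ...
        reasons = []
        if kind == "O2":
            if "(no name)" in line:
                reasons.append("BHO registered without a name")
            if "(no file)" in line or "(file missing)" in line:
                reasons.append("BHO points at a file that no longer exists")
        elif kind == "O4":
            m = O4_RE.search(line)
            if m:
                name, value = m.groups()
                if HEX_NAME_RE.match(name):
                    reasons.append("Run value name is a bare hex/numeric token")
                if not re.search(r"[A-Za-z]:\\", value):
                    reasons.append("Run value has no full path")
                if value.lower().startswith("rundll32"):
                    reasons.append("Run value loads a DLL through rundll32")
        elif kind == "O20":
            reasons.append("Winlogon Notify DLL is loaded into winlogon at logon")
        # Random-looking names are only interesting when they sit in system32.
        if "system32" in line.lower():
            for stem in STEM_RE.findall(line):
                if looks_random(stem):
                    reasons.append(f"random-looking filename {stem} in system32")
                    break
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged, why in triage(SAMPLE_LOG.splitlines()):
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

On the sample above the pass leaves the Adobe BHO and the NOD32 Run entry alone and marks the eight remaining lines, two of them for the same urqNHYRl.dll that the helper later deletes.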

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 30 Dec 2008
  • Posts: 11

I don't know whether this finished properly, because my computer restarted right before the log file was finished being created.


ComboFix 08-12-29.02 - pc 2008-12-30 17:30:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.283 [GMT 1:00]
Running from: C:\Documents and Settings\pc\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\pc\Application Data\.#
C:\Documents and Settings\pc\Application Data\gadcom
C:\Documents and Settings\pc\Local Settings\Temporary Internet Files\fbk.sts
C:\Program Files\Mjcore
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\aqnvwlrb.ini
C:\WINDOWS\system32\arcijqal.ini
C:\WINDOWS\system32\byXOfcAP.dll
C:\WINDOWS\system32\byXQHwWM.dll
C:\WINDOWS\system32\dvlmpagy.ini
C:\WINDOWS\system32\ektubkjg.ini
C:\WINDOWS\system32\fobefaqi.ini
C:\WINDOWS\system32\GggOonnn.ini
C:\WINDOWS\system32\GggOonnn.ini2
C:\WINDOWS\system32\gjkbutke.dll
C:\WINDOWS\system32\hgGabCSi.dll
C:\WINDOWS\system32\jduaqmdr.dll
C:\WINDOWS\system32\jhpsjrxv.ini
C:\WINDOWS\system32\jkkHXOgg.dll
C:\WINDOWS\system32\jkkKcCrp.dll
C:\WINDOWS\system32\kbpqncwr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnoOggG.dll
C:\WINDOWS\system32\nqqjpsxe.ini
C:\WINDOWS\system32\odrmleno.ini
C:\WINDOWS\system32\opnmNFUL.dll
C:\WINDOWS\system32\osveuwkv.ini
C:\WINDOWS\system32\rdmqaudj.ini
C:\WINDOWS\system32\tuvTmNDu.dll
C:\WINDOWS\system32\tuvUOHwX.dll
C:\WINDOWS\system32\urqPfFwV.dll
C:\WINDOWS\system32\vtUkiGXQ.dll
C:\WINDOWS\system32\vxrjsphj.dll
C:\WINDOWS\system32\xajjmgxn.ini
C:\WINDOWS\system32\xuuxtahg.ini
C:\WINDOWS\system32\ygapmlvd.dll
C:\WINDOWS\Tasks\babixfrx.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-23 15:56 . 2008-12-23 15:56 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 15:56 . 2008-12-23 15:56 232 --ah----- C:\sqmdata01.sqm
2008-12-11 16:33 . 2008-12-11 16:32 410,984 --a------ C:\WINDOWS\system32\deploytk.dll
2008-12-11 16:33 . 2008-12-11 16:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-12-08 18:21 . 2008-12-08 18:23 1,004 --ahs---- C:\WINDOWS\system32\sys_drv.dat
2008-12-08 18:12 . 2008-12-08 18:12 180,064 --a------ C:\WINDOWS\system32\WinVd32.sys
2008-12-08 18:12 . 2008-12-08 18:12 16,384 --a------ C:\WINDOWS\system32\WinFl32.sys
2008-12-08 18:11 . 2008-12-08 18:12 <DIR> d-------- C:\Program Files\Folder Lock 6
2008-12-08 16:26 . 2008-12-08 16:26 1,025 --a------ C:\wny.exe
2008-12-08 16:21 . 2008-12-08 16:21 29,703 --a------ C:\msv2008.exe
2008-12-07 17:00 . 2008-12-07 17:00 34,816 --a------ C:\WINDOWS\system32\urqNHYRl.dll
2008-12-07 15:42 . 2008-12-08 16:40 73,216 --a------ C:\osy.exe
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- C:\Documents and Settings\pc\Application Data\CyberLink
2008-12-01 21:32 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-12-01 21:32 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-12-01 21:32 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-12-01 17:59 . 2008-12-01 17:59 <DIR> d-------- C:\Documents and Settings\pc\Bluetooth Software
2008-12-01 17:54 . 2008-12-01 17:54 <DIR> d-------- C:\Program Files\AirLive
2008-11-20 17:06 . 2008-11-20 17:06 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-11-20 16:52 . 2008-11-20 16:52 <DIR> d-------- C:\Program Files\Rockstar Games
2008-11-14 14:50 . 2008-11-14 14:50 <DIR> d-------- C:\Documents and Settings\pc\Application Data\AdobeUM
2008-11-10 18:05 . 2008-11-10 18:05 <DIR> d-------- C:\WINDOWS\Sun
2008-11-10 00:30 . 2008-11-10 00:31 <DIR> d-------- C:\Program Files\VirtualDJ
2008-11-09 16:36 . 2008-12-07 14:49 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-11-08 17:52 . 2008-11-08 17:52 <DIR> d-------- C:\Downloads
2008-11-08 16:14 . 2008-11-08 16:52 <DIR> d-------- C:\Program Files\Winamp
2008-11-08 16:14 . 2008-11-08 16:38 <DIR> d-------- C:\Documents and Settings\pc\Application Data\Winamp
2008-11-06 15:39 . 2008-12-30 17:44 <DIR> d-------- C:\Program Files\DNA
2008-11-06 15:39 . 2008-11-06 15:39 <DIR> d-------- C:\Program Files\BitTorrent
2008-11-06 15:39 . 2008-12-30 17:44 <DIR> d-------- C:\Documents and Settings\pc\Application Data\DNA
2008-11-06 15:39 . 2008-12-12 19:17 <DIR> d-------- C:\Documents and Settings\pc\Application Data\BitTorrent
2008-11-06 15:38 . 2008-11-06 15:38 <DIR> d-------- C:\Program Files\AskSearch
2008-11-06 15:38 . 2008-11-13 10:42 <DIR> d-------- C:\Program Files\AskBarDis
2008-11-06 14:24 . 2008-11-06 14:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-11-06 14:11 . 2008-11-13 18:46 <DIR> d-------- C:\Documents and Settings\pc\Contacts
2008-11-04 14:40 . 2008-12-30 17:44 177 --a------ C:\ASWL2K.ini
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- C:\Program Files\ASUS
2008-11-04 14:38 . 2006-02-21 17:23 525,824 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-11-04 14:38 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-11-04 14:38 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-11-04 14:38 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-11-04 14:38 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-11-04 14:38 . 2008-11-04 14:38 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-11-04 14:38 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-11-04 14:38 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-11-04 14:36 . 2005-02-11 21:46 371,712 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
2008-11-04 14:29 . 2008-11-04 14:30 <DIR> d-------- C:\WINDOWS\Modio
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-11-04 14:17 . 2003-12-11 15:44 2,453,504 --a------ C:\WINDOWS\system\cmicnfg.cpl
2008-11-04 14:16 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- C:\Program Files\VIA
2008-11-04 13:53 . 2008-11-04 13:53 <DIR> d-------- C:\Program Files\ATI Technologies
2008-11-04 13:53 . 2006-02-21 21:05 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-11-04 13:53 . 2008-11-04 13:53 982 --a------ C:\WINDOWS\ATICIM.INI
2008-11-04 13:52 . 2008-11-04 13:52 <DIR> d-------- C:\Service
2008-11-04 12:19 . 2001-08-23 12:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-11-04 12:17 . 2001-08-23 12:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-11-04 12:16 . 2004-08-03 23:56 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\smtpsnap.dll
2008-11-04 12:15 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2008-11-04 12:10 . 2004-08-04 00:56 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a------ C:\WINDOWS\system32\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:04 258,048 --a------ C:\WINDOWS\system32\ati2cqag.dll
2008-11-04 12:10 . 2006-02-22 05:46 256,512 --a------ C:\WINDOWS\system32\ati2dvag.dll
2008-11-04 12:10 . 2001-08-17 12:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-11-04 12:06 . 2004-08-04 00:58 2,012,670 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 --a--c--- C:\WINDOWS\system32\dllcache\NTPRINT.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 -ra------ C:\WINDOWS\SET2E.tmp
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 --a--c--- C:\WINDOWS\system32\dllcache\SP2.CAT
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 -ra------ C:\WINDOWS\SET2B.tmp
2008-11-04 12:06 . 2001-08-23 12:00 797,189 --a--c--- C:\WINDOWS\system32\dllcache\NT5IIS.CAT
2008-11-04 12:06 . 2004-08-04 00:58 502,724 --a--c--- C:\WINDOWS\system32\dllcache\NT5INF.CAT
2008-11-04 12:06 . 2001-08-23 12:00 399,645 --a--c--- C:\WINDOWS\system32\dllcache\MAPIMIG.CAT
2008-11-04 12:06 . 2004-08-04 00:58 13,753 -ra------ C:\WINDOWS\SET3A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:32 --------- d-----w C:\Program Files\Java
2008-12-08 22:51 --------- d-----w C:\Program Files\ESET
2008-11-20 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-04 13:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-12 09:09 299,392 ----a-w C:\WINDOWS\system32\imon.dll
2008-09-11 18:49 155,995 ----a-w C:\WINDOWS\java\Packages\VHFJDRPJ.ZIP
2002-01-25 14:57 3,544,576 ----a-w C:\Program Files\LIPSETUP.MSI
2001-11-23 11:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-07 17:00 34816 --a------ C:\WINDOWS\system32\urqNHYRl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 17:24 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 17:24 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-11-06 15:39 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-12-11 16:32 136600]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-09-12 10:09 950664]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 21:10 1667584]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 00:02 36352]

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

* Open the NOD32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

===============================

Open Notepad and copy the following text into it:

File::
C:\wny.exe
C:\msv2008.exe
C:\WINDOWS\system32\urqNHYRl.dll
C:\osy.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scanning in your next message.

  • Joined: 30 Dec 2008
  • Posts: 11

I scanned again with ComboFix, and here is that log file:

ComboFix 08-12-29.02 - pc 2008-12-30 18:22:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.388 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\urqNHYRl.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\pc\Application Data\.#
c:\documents and settings\pc\Application Data\gadcom
c:\documents and settings\pc\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Mjcore
c:\windows\IE4 Error Log.txt
c:\windows\system32\aqnvwlrb.ini
c:\windows\system32\arcijqal.ini
c:\windows\system32\byXOfcAP.dll
c:\windows\system32\byXQHwWM.dll
c:\windows\system32\dvlmpagy.ini
c:\windows\system32\ektubkjg.ini
c:\windows\system32\fobefaqi.ini
c:\windows\system32\GggOonnn.ini
c:\windows\system32\GggOonnn.ini2
c:\windows\system32\gjkbutke.dll
c:\windows\system32\hgGabCSi.dll
c:\windows\system32\jduaqmdr.dll
c:\windows\system32\jhpsjrxv.ini
c:\windows\system32\jkkHXOgg.dll
c:\windows\system32\jkkKcCrp.dll
c:\windows\system32\kbpqncwr.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\nnnoOggG.dll
c:\windows\system32\nqqjpsxe.ini
c:\windows\system32\odrmleno.ini
c:\windows\system32\opnmNFUL.dll
c:\windows\system32\osveuwkv.ini
c:\windows\system32\rdmqaudj.ini
c:\windows\system32\tuvTmNDu.dll
c:\windows\system32\tuvUOHwX.dll
c:\windows\system32\urqPfFwV.dll
c:\windows\system32\vtUkiGXQ.dll
c:\windows\system32\vxrjsphj.dll
c:\windows\system32\xajjmgxn.ini
c:\windows\system32\xuuxtahg.ini
c:\windows\system32\ygapmlvd.dll
c:\windows\Tasks\babixfrx.job

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-23 15:56 . 2008-12-23 15:56 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 15:56 . 2008-12-23 15:56 232 --ah----- C:\sqmdata01.sqm
2008-12-11 16:33 . 2008-12-11 16:32 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 16:33 . 2008-12-11 16:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-08 18:21 . 2008-12-08 18:23 1,004 --ahs---- c:\windows\system32\sys_drv.dat
2008-12-08 18:12 . 2008-12-08 18:12 180,064 --a------ c:\windows\system32\WinVd32.sys
2008-12-08 18:12 . 2008-12-08 18:12 16,384 --a------ c:\windows\system32\WinFl32.sys
2008-12-08 18:11 . 2008-12-08 18:12 <DIR> d-------- c:\program files\Folder Lock 6
2008-12-08 16:26 . 2008-12-08 16:26 1,025 --a------ C:\wny.exe
2008-12-08 16:21 . 2008-12-08 16:21 29,703 --a------ C:\msv2008.exe
2008-12-07 15:42 . 2008-12-08 16:40 73,216 --a------ C:\osy.exe
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\pc\Application Data\CyberLink
2008-12-01 21:32 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-01 21:32 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-01 21:32 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-01 17:59 . 2008-12-01 17:59 <DIR> d-------- c:\documents and settings\pc\Bluetooth Software
2008-12-01 17:54 . 2008-12-01 17:54 <DIR> d-------- c:\program files\AirLive
2008-11-20 17:06 . 2008-11-20 17:06 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 16:52 . 2008-11-20 16:52 <DIR> d-------- c:\program files\Rockstar Games
2008-11-14 14:50 . 2008-11-14 14:50 <DIR> d-------- c:\documents and settings\pc\Application Data\AdobeUM
2008-11-10 18:05 . 2008-11-10 18:05 <DIR> d-------- c:\windows\Sun
2008-11-10 00:30 . 2008-11-10 00:31 <DIR> d-------- c:\program files\VirtualDJ
2008-11-09 16:36 . 2008-12-07 14:49 69 --a------ c:\windows\NeroDigital.ini
2008-11-08 17:52 . 2008-11-08 17:52 <DIR> d-------- C:\Downloads
2008-11-08 16:14 . 2008-11-08 16:52 <DIR> d-------- c:\program files\Winamp
2008-11-08 16:14 . 2008-11-08 16:38 <DIR> d-------- c:\documents and settings\pc\Application Data\Winamp
2008-11-06 15:39 . 2008-12-30 18:26 <DIR> d-------- c:\program files\DNA
2008-11-06 15:39 . 2008-11-06 15:39 <DIR> d-------- c:\program files\BitTorrent
2008-11-06 15:39 . 2008-12-30 18:26 <DIR> d-------- c:\documents and settings\pc\Application Data\DNA
2008-11-06 15:39 . 2008-12-12 19:17 <DIR> d-------- c:\documents and settings\pc\Application Data\BitTorrent
2008-11-06 15:38 . 2008-11-06 15:38 <DIR> d-------- c:\program files\AskSearch
2008-11-06 15:38 . 2008-11-13 10:42 <DIR> d-------- c:\program files\AskBarDis
2008-11-06 14:24 . 2008-11-06 14:24 0 --a------ c:\windows\nsreg.dat
2008-11-06 14:11 . 2008-11-13 18:46 <DIR> d-------- c:\documents and settings\pc\Contacts
2008-11-04 14:40 . 2008-12-30 18:26 177 --a------ C:\ASWL2K.ini
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\program files\ASUS
2008-11-04 14:38 . 2006-02-21 17:23 525,824 --a------ c:\windows\system32\ASWL2K.exe
2008-11-04 14:38 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe
2008-11-04 14:38 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe
2008-11-04 14:38 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl
2008-11-04 14:38 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll
2008-11-04 14:38 . 2008-11-04 14:38 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-04 14:38 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
2008-11-04 14:38 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
2008-11-04 14:36 . 2005-02-11 21:46 371,712 --a------ c:\windows\system32\drivers\BCMWL5.SYS
2008-11-04 14:29 . 2008-11-04 14:30 <DIR> d-------- c:\windows\Modio
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- c:\program files\C-Media 3D Audio
2008-11-04 14:17 . 2003-12-11 15:44 2,453,504 --a------ c:\windows\system\cmicnfg.cpl
2008-11-04 14:16 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- c:\program files\VIA
2008-11-04 13:53 . 2008-11-04 13:53 <DIR> d-------- c:\program files\ATI Technologies
2008-11-04 13:53 . 2006-02-21 21:05 520,192 --a------ c:\windows\system32\ati2sgag.exe
2008-11-04 13:53 . 2008-11-04 13:53 982 --a------ c:\windows\ATICIM.INI
2008-11-04 13:52 . 2008-11-04 13:52 <DIR> d-------- C:\Service
2008-11-04 12:19 . 2001-08-23 12:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-11-04 12:17 . 2001-08-23 12:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 12:16 . 2004-08-03 23:56 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 12:15 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a------ c:\windows\system32\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a------ c:\windows\system32\drivers\ati2mtag.sys
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a--c--- c:\windows\system32\dllcache\ati2mtag.sys
2008-11-04 12:10 . 2004-08-04 00:56 870,784 --a------ c:\windows\system32\ati3d1ag.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a------ c:\windows\system32\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:04 258,048 --a------ c:\windows\system32\ati2cqag.dll
2008-11-04 12:10 . 2006-02-22 05:46 256,512 --a------ c:\windows\system32\ati2dvag.dll
2008-11-04 12:10 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-11-04 12:06 . 2004-08-04 00:58 2,012,670 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 --a--c--- c:\windows\system32\dllcache\NTPRINT.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 -ra------ c:\windows\SET2E.tmp
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 -ra------ c:\windows\SET2B.tmp
2008-11-04 12:06 . 2001-08-23 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2008-11-04 12:06 . 2004-08-04 00:58 502,724 --a--c--- c:\windows\system32\dllcache\NT5INF.CAT
2008-11-04 12:06 . 2001-08-23 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2008-11-04 12:06 . 2004-08-04 00:58 13,753 -ra------ c:\windows\SET3A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:32 --------- d-----w c:\program files\Java
2008-12-08 22:51 --------- d-----w c:\program files\ESET
2008-11-20 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 13:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-12 09:09 299,392 ----a-w c:\windows\system32\imon.dll
2008-09-11 18:49 155,995 ----a-w c:\windows\java\Packages\VHFJDRPJ.ZIP
2002-01-25 14:57 3,544,576 ----a-w c:\program files\LIPSETUP.MSI
2001-11-23 11:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-12-30_17.48.31.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 17:26:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904322CC-B97F-419C-B287-7395D0F52F31}]
c:\windows\system32\nnnoOggG.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-06 342848]
"33774561452557204126725848167801"="c:\program files\A360\av360.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-12 950664]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-02 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-12 15424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-11-04 16269]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
\Shell\AutoRun\command - D:\INTRO.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0ef581-aef8-11dd-995b-00e04cd0a424}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EED000E6-BD58-EAE9-C012-E0DF26905072}]
c:\windows\system32\Explorer.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {F026372C-58E5-43BC-9767-3F9F7FFA3CE2} = 87.250.98.250 208.67.222.222

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\f7ug7hxp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-30 18:26:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AirLive\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\slserv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-30 18:28:18 - machine was rebooted [pc]
ComboFix-quarantined-files.txt 2008-12-30 17:28:16

Pre-Run: 32,244,633,600 bytes free
Post-Run: 32,203,079,680 bytes free


Addendum: 30 Dec 2008 18:35

Sorry, I didn't even see that you had written something, so I posted this log after your post.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Wait a second, I need to change the script since I now have the whole log.

Addendum: 30 Dec 2008 18:42

* Open the Nod32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center's colour changing from green to red.

Note: don't forget to turn this option back on once the cleaning is finished.

===============================

Open Notepad and copy the following text into it:

File::
C:\wny.exe
C:\msv2008.exe
C:\WINDOWS\system32\urqNHYRl.dll
C:\osy.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0ef581-aef8-11dd-995b-00e04cd0a424}]

DirLook::
c:\\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that gets produced at the end of the cleaning/scan in your next reply.

==============================
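A small triage script, added here as an example (it is not part of the thread and not a ComboFix feature), for pulling the suspicious entries out of a log like the one posted above. The sample lines are constructed from the "Reg Loading Points" section of that log (a handful of entries, not the whole thing), and the rules are mine: entries tagged [BU] are treated as files ComboFix could not verify (an assumption about what the tag means), Security Center override values set to 1, a Run value whose name is a long string of digits (the A360 entry), mountpoints2 AutoRun/AutoOpen commands, and a Browser Helper Object whose DLL sits in system32 under an eight-letter name. The thresholds (16 digits, 8 letters) are arbitrary choices made for this example.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section
# (a few entries copied from the thread above, not a complete log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904322CC-B97F-419C-B287-7395D0F52F31}]
c:\windows\system32\nnnoOggG.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"33774561452557204126725848167801"="c:\program files\A360\av360.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0ef581-aef8-11dd-995b-00e04cd0a424}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\Auto(?:Run|Open)\\command - (?P<cmd>.+)$", re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r"\\system32\\(?P<dll>[A-Za-z]{8}\.dll)\b", re.IGNORECASE)

# Security Center values that, when set to 1, suppress the AV / firewall / update warnings.
SECURITY_CENTER_OVERRIDES = {
    "AntiVirusOverride", "FirewallOverride",
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
}


def iter_entries(text):
    """Yield (registry_key, entry_line) pairs; a [key] header applies to the lines below it."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
        elif key is not None:
            yield key, line


def triage(text):
    """Return a list of (kind, registry_key, detail) findings that deserve a human look."""
    findings = []
    for key, line in iter_entries(text):
        klow = key.lower()
        value = VALUE_RE.match(line)

        # [BU]: assumption for this example - the file behind the autostart could not be verified.
        if line.endswith("[BU]"):
            findings.append(("missing-file-autostart", key, line))

        # Security Center override set to 1: the classic "silence the warnings" move of rogue AV.
        if (value and "security center" in klow
                and value.group("name") in SECURITY_CENTER_OVERRIDES
                and value.group("data").lower() == "dword:00000001"):
            findings.append(("security-center-override", key, value.group("name")))

        # Run value named with a long run of digits (16+ here, an arbitrary threshold).
        if (value and klow.endswith("\\run")
                and value.group("name").isdigit() and len(value.group("name")) >= 16):
            findings.append(("numeric-run-name", key, value.group("name")))

        # mountpoints2 AutoRun/AutoOpen: a command that runs when a (removable) drive is opened.
        ar = AUTORUN_RE.match(line)
        if ar and "mountpoints2" in klow:
            findings.append(("removable-autorun", key, ar.group("cmd")))

        # BHO whose DLL lives in system32 under an 8-letter name; toolbars normally ship under Program Files.
        dll = SYSTEM32_DLL_RE.search(line)
        if dll and "browser helper objects" in klow:
            findings.append(("system32-bho", key, dll.group("dll")))
    return findings


def summarize(findings):
    """Count findings per kind, for a quick overview."""
    counts = {}
    for kind, _key, _detail in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Note what it does not flag: the Ask toolbar BHO is a normal Program Files path and passes every rule, so a heuristic like this narrows the list but does not replace reading the log entry by entry, which is what the helper in this thread is doing.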

offline
  • Joined: 30 Dec 2008
  • Posts: 11

OK, here's the thing: since I had already done this CFScript trick the first time, and then again with the modified CFScript, here are both logs for you:
first log:

ComboFix 08-12-29.02 - pc 2008-12-30 18:33:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.328 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
C:\msv2008.exe
C:\osy.exe
c:\windows\system32\urqNHYRl.dll
C:\wny.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\msv2008.exe
C:\osy.exe
C:\wny.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-23 15:56 . 2008-12-23 15:56 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 15:56 . 2008-12-23 15:56 232 --ah----- C:\sqmdata01.sqm
2008-12-11 16:33 . 2008-12-11 16:32 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 16:33 . 2008-12-11 16:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-08 18:21 . 2008-12-08 18:23 1,004 --ahs---- c:\windows\system32\sys_drv.dat
2008-12-08 18:12 . 2008-12-08 18:12 180,064 --a------ c:\windows\system32\WinVd32.sys
2008-12-08 18:12 . 2008-12-08 18:12 16,384 --a------ c:\windows\system32\WinFl32.sys
2008-12-08 18:11 . 2008-12-08 18:12 <DIR> d-------- c:\program files\Folder Lock 6
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\pc\Application Data\CyberLink
2008-12-01 21:32 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-01 21:32 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-01 21:32 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-01 17:59 . 2008-12-01 17:59 <DIR> d-------- c:\documents and settings\pc\Bluetooth Software
2008-12-01 17:54 . 2008-12-01 17:54 <DIR> d-------- c:\program files\AirLive
2008-11-20 17:06 . 2008-11-20 17:06 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 16:52 . 2008-11-20 16:52 <DIR> d-------- c:\program files\Rockstar Games
2008-11-14 14:50 . 2008-11-14 14:50 <DIR> d-------- c:\documents and settings\pc\Application Data\AdobeUM
2008-11-10 18:05 . 2008-11-10 18:05 <DIR> d-------- c:\windows\Sun
2008-11-10 00:30 . 2008-11-10 00:31 <DIR> d-------- c:\program files\VirtualDJ
2008-11-09 16:36 . 2008-12-07 14:49 69 --a------ c:\windows\NeroDigital.ini
2008-11-08 17:52 . 2008-11-08 17:52 <DIR> d-------- C:\Downloads
2008-11-08 16:14 . 2008-11-08 16:52 <DIR> d-------- c:\program files\Winamp
2008-11-08 16:14 . 2008-11-08 16:38 <DIR> d-------- c:\documents and settings\pc\Application Data\Winamp
2008-11-06 15:39 . 2008-12-30 18:26 <DIR> d-------- c:\program files\DNA
2008-11-06 15:39 . 2008-11-06 15:39 <DIR> d-------- c:\program files\BitTorrent
2008-11-06 15:39 . 2008-12-30 18:26 <DIR> d-------- c:\documents and settings\pc\Application Data\DNA
2008-11-06 15:39 . 2008-12-12 19:17 <DIR> d-------- c:\documents and settings\pc\Application Data\BitTorrent
2008-11-06 15:38 . 2008-11-06 15:38 <DIR> d-------- c:\program files\AskSearch
2008-11-06 15:38 . 2008-11-13 10:42 <DIR> d-------- c:\program files\AskBarDis
2008-11-06 14:24 . 2008-11-06 14:24 0 --a------ c:\windows\nsreg.dat
2008-11-06 14:11 . 2008-11-13 18:46 <DIR> d-------- c:\documents and settings\pc\Contacts
2008-11-04 14:40 . 2008-12-30 18:26 177 --a------ C:\ASWL2K.ini
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\program files\ASUS
2008-11-04 14:38 . 2006-02-21 17:23 525,824 --a------ c:\windows\system32\ASWL2K.exe
2008-11-04 14:38 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe
2008-11-04 14:38 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe
2008-11-04 14:38 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl
2008-11-04 14:38 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll
2008-11-04 14:38 . 2008-11-04 14:38 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-04 14:38 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
2008-11-04 14:38 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
2008-11-04 14:36 . 2005-02-11 21:46 371,712 --a------ c:\windows\system32\drivers\BCMWL5.SYS
2008-11-04 14:29 . 2008-11-04 14:30 <DIR> d-------- c:\windows\Modio
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- c:\program files\C-Media 3D Audio
2008-11-04 14:17 . 2003-12-11 15:44 2,453,504 --a------ c:\windows\system\cmicnfg.cpl
2008-11-04 14:16 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- c:\program files\VIA
2008-11-04 13:53 . 2008-11-04 13:53 <DIR> d-------- c:\program files\ATI Technologies
2008-11-04 13:53 . 2006-02-21 21:05 520,192 --a------ c:\windows\system32\ati2sgag.exe
2008-11-04 13:53 . 2008-11-04 13:53 982 --a------ c:\windows\ATICIM.INI
2008-11-04 13:52 . 2008-11-04 13:52 <DIR> d-------- C:\Service
2008-11-04 12:19 . 2001-08-23 12:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-11-04 12:17 . 2001-08-23 12:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 12:16 . 2004-08-03 23:56 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 12:15 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a------ c:\windows\system32\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a------ c:\windows\system32\drivers\ati2mtag.sys
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a--c--- c:\windows\system32\dllcache\ati2mtag.sys
2008-11-04 12:10 . 2004-08-04 00:56 870,784 --a------ c:\windows\system32\ati3d1ag.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a------ c:\windows\system32\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:04 258,048 --a------ c:\windows\system32\ati2cqag.dll
2008-11-04 12:10 . 2006-02-22 05:46 256,512 --a------ c:\windows\system32\ati2dvag.dll
2008-11-04 12:10 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-11-04 12:06 . 2004-08-04 00:58 2,012,670 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 --a--c--- c:\windows\system32\dllcache\NTPRINT.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 -ra------ c:\windows\SET2E.tmp
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 -ra------ c:\windows\SET2B.tmp
2008-11-04 12:06 . 2001-08-23 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2008-11-04 12:06 . 2004-08-04 00:58 502,724 --a--c--- c:\windows\system32\dllcache\NT5INF.CAT
2008-11-04 12:06 . 2001-08-23 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2008-11-04 12:06 . 2004-08-04 00:58 13,753 -ra------ c:\windows\SET3A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:32 --------- d-----w c:\program files\Java
2008-12-08 22:51 --------- d-----w c:\program files\ESET
2008-11-20 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 13:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-12 09:09 299,392 ----a-w c:\windows\system32\imon.dll
2008-09-11 18:49 155,995 ----a-w c:\windows\java\Packages\VHFJDRPJ.ZIP
2002-01-25 14:57 3,544,576 ----a-w c:\program files\LIPSETUP.MSI
2001-11-23 11:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-12-30_17.48.31.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 17:26:13 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904322CC-B97F-419C-B287-7395D0F52F31}]
c:\windows\system32\nnnoOggG.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-06 342848]
"33774561452557204126725848167801"="c:\program files\A360\av360.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-12 950664]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-02 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-12 15424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-11-04 16269]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
\Shell\AutoRun\command - D:\INTRO.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a0ef581-aef8-11dd-995b-00e04cd0a424}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EED000E6-BD58-EAE9-C012-E0DF26905072}]
c:\windows\system32\Explorer.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {F026372C-58E5-43BC-9767-3F9F7FFA3CE2} = 87.250.98.250 208.67.222.222

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\f7ug7hxp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-30 18:34:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-30 18:35:56
ComboFix-quarantined-files.txt 2008-12-30 17:35:34
ComboFix2.txt 2008-12-30 17:28:21

Pre-Run: 32.223.567.872 bytes free
Post-Run: 32,213,270,528 bytes free



and here is the second one, that is, after the second CFScript:

ComboFix 08-12-29.02 - pc 2008-12-30 18:49:26.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.350 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
C:\msv2008.exe
C:\osy.exe
c:\windows\system32\urqNHYRl.dll
C:\wny.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-23 15:56 . 2008-12-23 15:56 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 15:56 . 2008-12-23 15:56 232 --ah----- C:\sqmdata01.sqm
2008-12-11 16:33 . 2008-12-11 16:32 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 16:33 . 2008-12-11 16:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-08 18:21 . 2008-12-08 18:23 1,004 --ahs---- c:\windows\system32\sys_drv.dat
2008-12-08 18:12 . 2008-12-08 18:12 180,064 --a------ c:\windows\system32\WinVd32.sys
2008-12-08 18:12 . 2008-12-08 18:12 16,384 --a------ c:\windows\system32\WinFl32.sys
2008-12-08 18:11 . 2008-12-08 18:12 <DIR> d-------- c:\program files\Folder Lock 6
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\pc\Application Data\CyberLink
2008-12-01 21:32 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-01 21:32 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-01 21:32 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-01 17:59 . 2008-12-01 17:59 <DIR> d-------- c:\documents and settings\pc\Bluetooth Software
2008-12-01 17:54 . 2008-12-01 17:54 <DIR> d-------- c:\program files\AirLive
2008-11-20 17:06 . 2008-11-20 17:06 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 16:52 . 2008-11-20 16:52 <DIR> d-------- c:\program files\Rockstar Games
2008-11-14 14:50 . 2008-11-14 14:50 <DIR> d-------- c:\documents and settings\pc\Application Data\AdobeUM
2008-11-10 18:05 . 2008-11-10 18:05 <DIR> d-------- c:\windows\Sun
2008-11-10 00:30 . 2008-11-10 00:31 <DIR> d-------- c:\program files\VirtualDJ
2008-11-09 16:36 . 2008-12-07 14:49 69 --a------ c:\windows\NeroDigital.ini
2008-11-08 17:52 . 2008-11-08 17:52 <DIR> d-------- C:\Downloads
2008-11-08 16:14 . 2008-11-08 16:52 <DIR> d-------- c:\program files\Winamp
2008-11-08 16:14 . 2008-11-08 16:38 <DIR> d-------- c:\documents and settings\pc\Application Data\Winamp
2008-11-06 15:39 . 2008-12-30 18:44 <DIR> d-------- c:\program files\DNA
2008-11-06 15:39 . 2008-11-06 15:39 <DIR> d-------- c:\program files\BitTorrent
2008-11-06 15:39 . 2008-12-30 18:44 <DIR> d-------- c:\documents and settings\pc\Application Data\DNA
2008-11-06 15:39 . 2008-12-12 19:17 <DIR> d-------- c:\documents and settings\pc\Application Data\BitTorrent
2008-11-06 15:38 . 2008-11-06 15:38 <DIR> d-------- c:\program files\AskSearch
2008-11-06 15:38 . 2008-11-13 10:42 <DIR> d-------- c:\program files\AskBarDis
2008-11-06 14:24 . 2008-11-06 14:24 0 --a------ c:\windows\nsreg.dat
2008-11-06 14:11 . 2008-11-13 18:46 <DIR> d-------- c:\documents and settings\pc\Contacts
2008-11-04 14:40 . 2008-12-30 18:44 177 --a------ C:\ASWL2K.ini
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\program files\ASUS
2008-11-04 14:38 . 2006-02-21 17:23 525,824 --a------ c:\windows\system32\ASWL2K.exe
2008-11-04 14:38 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe
2008-11-04 14:38 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe
2008-11-04 14:38 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl
2008-11-04 14:38 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll
2008-11-04 14:38 . 2008-11-04 14:38 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-04 14:38 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
2008-11-04 14:38 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
2008-11-04 14:36 . 2005-02-11 21:46 371,712 --a------ c:\windows\system32\drivers\BCMWL5.SYS
2008-11-04 14:29 . 2008-11-04 14:30 <DIR> d-------- c:\windows\Modio
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- c:\program files\C-Media 3D Audio
2008-11-04 14:17 . 2003-12-11 15:44 2,453,504 --a------ c:\windows\system\cmicnfg.cpl
2008-11-04 14:16 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- c:\program files\VIA
2008-11-04 13:53 . 2008-11-04 13:53 <DIR> d-------- c:\program files\ATI Technologies
2008-11-04 13:53 . 2006-02-21 21:05 520,192 --a------ c:\windows\system32\ati2sgag.exe
2008-11-04 13:53 . 2008-11-04 13:53 982 --a------ c:\windows\ATICIM.INI
2008-11-04 13:52 . 2008-11-04 13:52 <DIR> d-------- C:\Service
2008-11-04 12:19 . 2001-08-23 12:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-11-04 12:17 . 2001-08-23 12:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 12:16 . 2004-08-03 23:56 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 12:15 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a------ c:\windows\system32\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a------ c:\windows\system32\drivers\ati2mtag.sys
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a--c--- c:\windows\system32\dllcache\ati2mtag.sys
2008-11-04 12:10 . 2004-08-04 00:56 870,784 --a------ c:\windows\system32\ati3d1ag.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a------ c:\windows\system32\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:04 258,048 --a------ c:\windows\system32\ati2cqag.dll
2008-11-04 12:10 . 2006-02-22 05:46 256,512 --a------ c:\windows\system32\ati2dvag.dll
2008-11-04 12:10 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-11-04 12:06 . 2004-08-04 00:58 2,012,670 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 --a--c--- c:\windows\system32\dllcache\NTPRINT.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 -ra------ c:\windows\SET2E.tmp
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 -ra------ c:\windows\SET2B.tmp
2008-11-04 12:06 . 2001-08-23 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2008-11-04 12:06 . 2004-08-04 00:58 502,724 --a--c--- c:\windows\system32\dllcache\NT5INF.CAT
2008-11-04 12:06 . 2001-08-23 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2008-11-04 12:06 . 2004-08-04 00:58 13,753 -ra------ c:\windows\SET3A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:32 --------- d-----w c:\program files\Java
2008-12-08 22:51 --------- d-----w c:\program files\ESET
2008-11-20 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 13:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-12 09:09 299,392 ----a-w c:\windows\system32\imon.dll
2008-09-11 18:49 155,995 ----a-w c:\windows\java\Packages\VHFJDRPJ.ZIP
2002-01-25 14:57 3,544,576 ----a-w c:\program files\LIPSETUP.MSI
2001-11-23 11:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\ ----

c:\\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\\


((((((((((((((((((((((((((((( snapshot@2008-12-30_17.48.31.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 17:43:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_94.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904322CC-B97F-419C-B287-7395D0F52F31}]
c:\windows\system32\nnnoOggG.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-06 342848]
"33774561452557204126725848167801"="c:\program files\A360\av360.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-12 950664]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-02 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-12 15424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-11-04 16269]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
\Shell\AutoRun\command - D:\INTRO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EED000E6-BD58-EAE9-C012-E0DF26905072}]
c:\windows\system32\Explorer.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {F026372C-58E5-43BC-9767-3F9F7FFA3CE2} = 87.250.98.250 208.67.222.222

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\f7ug7hxp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-30 18:50:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\pc\LOCALS~1\Temp\Perflib_Perfdata_1b8.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-30 18:51:43
ComboFix-quarantined-files.txt 2008-12-30 17:51:25
ComboFix2.txt 2008-12-30 17:35:58
ComboFix3.txt 2008-12-30 17:28:21

Pre-Run: 32.203.247.616 bytes free
Post-Run: 32,193,003,520 bytes free

216

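The "Reg Loading Points" section of the log above is where the useful triage signals sit: all four Windows Security Center override values are set to 1, the HKCU Run key carries an entry ComboFix lists with "[BU]" instead of a file date/size stamp, and a MountPoints2 entry still remembers an AutoRun command for a removable volume. The following is an added example, not code from this thread or from ComboFix, that pulls those three signals out of the REGEDIT4-style section so a helper can spot them without reading the whole log. The input is a constructed excerpt in the shape of the log posted above; the function and its finding "kind" labels are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample: an excerpt shaped like the "Reg Loading Points"
# section of the ComboFix log above (not the complete log).
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-06 342848]
"33774561452557204126725848167801"="c:\program files\A360\av360.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
\Shell\AutoRun\command - D:\INTRO.EXE
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')          # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')      # "name"=value

# Security Center values that, when set to 1, silence the "no antivirus /
# no firewall / no updates" warnings; seeing all four at once is a classic
# sign that something switched the warnings off behind the user's back.
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify",
    "updatesdisablenotify",
    "antivirusoverride",
    "firewalloverride",
}


def triage_reg_loading_points(log_text: str) -> List[Dict[str, str]]:
    """Walk the REGEDIT4-style section of a ComboFix log and return findings."""
    findings: List[Dict[str, str]] = []
    section = ""       # current [key] path, lower-cased for matching
    section_raw = ""   # same path exactly as written in the log
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section_raw = m.group(1)
            section = section_raw.lower()
            continue

        # 1. Security Center overrides set to dword:00000001
        if section.endswith(r"microsoft\security center"):
            v = VALUE_RE.match(line)
            if v and v.group(1).lower() in SECURITY_CENTER_FLAGS \
                    and v.group(2).strip().lower() == "dword:00000001":
                findings.append({
                    "kind": "security-center-override",
                    "key": section_raw,
                    "detail": f"{v.group(1)} is set to 1 (warning suppressed)",
                })
            continue

        # 2. Run entries the log prints with "[BU]" instead of a date/size stamp
        if section.endswith(r"\currentversion\run"):
            v = VALUE_RE.match(line)
            if v and v.group(2).rstrip().endswith("[BU]"):
                findings.append({
                    "kind": "run-entry-no-file-stamp",
                    "key": section_raw,
                    "detail": f"{v.group(1)} -> {v.group(2).strip()}",
                })
            continue

        # 3. AutoRun commands remembered per volume under MountPoints2
        if "mountpoints2" in section and \
                line.lower().startswith(r"\shell\autorun\command"):
            target = line.split(" - ", 1)[1].strip() if " - " in line else line
            findings.append({
                "kind": "mountpoints2-autorun",
                "key": section_raw,
                "detail": target,
            })
    return findings


def summarize(findings: List[Dict[str, str]]) -> str:
    """One line per finding, grouped by kind, for pasting into a reply."""
    lines = []
    for kind in sorted({f["kind"] for f in findings}):
        lines.append(f"== {kind} ==")
        lines.extend(f"  {f['detail']}" for f in findings if f["kind"] == kind)
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(triage_reg_loading_points(SAMPLE_LOG)))
```

Run on the excerpt it reports four suppressed Security Center warnings, the av360.exe Run entry and the D:\INTRO.EXE AutoRun command, which is exactly the set the helper's scripts and the question about drive D: go after.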
offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
c:\windows\system32\nnnoOggG.dll

Folder::
c:\program files\A360\

DirLook::
c:\MSOCache\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{904322CC-B97F-419C-B287-7395D0F52F31}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"33774561452557204126725848167801"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next reply post the log that is produced at the end of the cleaning/scan.

offline
  • Joined: 30 Dec 2008
  • Posts: 11

Every time after a ComboFix scan finishes I can't start any browser on the computer, or if I do start one it can't reach the internet until I restart the machine. And here is the log file again:

ComboFix 08-12-29.02 - pc 2008-12-30 19:24:23.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.439 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pc\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\nnnoOggG.dll
.

((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-23 15:56 . 2008-12-23 15:56 244 --ah----- C:\sqmnoopt01.sqm
2008-12-23 15:56 . 2008-12-23 15:56 232 --ah----- C:\sqmdata01.sqm
2008-12-11 16:33 . 2008-12-11 16:32 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 16:33 . 2008-12-11 16:32 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-08 18:21 . 2008-12-08 18:23 1,004 --ahs---- c:\windows\system32\sys_drv.dat
2008-12-08 18:12 . 2008-12-08 18:12 180,064 --a------ c:\windows\system32\WinVd32.sys
2008-12-08 18:12 . 2008-12-08 18:12 16,384 --a------ c:\windows\system32\WinFl32.sys
2008-12-08 18:11 . 2008-12-08 18:12 <DIR> d-------- c:\program files\Folder Lock 6
2008-12-05 22:40 . 2008-12-05 22:40 <DIR> d-------- c:\documents and settings\pc\Application Data\CyberLink
2008-12-01 21:32 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-01 21:32 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-01 21:32 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-01 21:32 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-01 17:59 . 2008-12-01 17:59 <DIR> d-------- c:\documents and settings\pc\Bluetooth Software
2008-12-01 17:54 . 2008-12-01 17:54 <DIR> d-------- c:\program files\AirLive
2008-11-20 17:06 . 2008-11-20 17:06 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-20 16:52 . 2008-11-20 16:52 <DIR> d-------- c:\program files\Rockstar Games
2008-11-14 14:50 . 2008-11-14 14:50 <DIR> d-------- c:\documents and settings\pc\Application Data\AdobeUM
2008-11-10 18:05 . 2008-11-10 18:05 <DIR> d-------- c:\windows\Sun
2008-11-10 00:30 . 2008-11-10 00:31 <DIR> d-------- c:\program files\VirtualDJ
2008-11-09 16:36 . 2008-12-07 14:49 69 --a------ c:\windows\NeroDigital.ini
2008-11-08 17:52 . 2008-11-08 17:52 <DIR> d-------- C:\Downloads
2008-11-08 16:14 . 2008-11-08 16:52 <DIR> d-------- c:\program files\Winamp
2008-11-08 16:14 . 2008-11-08 16:38 <DIR> d-------- c:\documents and settings\pc\Application Data\Winamp
2008-11-06 15:39 . 2008-12-30 18:55 <DIR> d-------- c:\program files\DNA
2008-11-06 15:39 . 2008-11-06 15:39 <DIR> d-------- c:\program files\BitTorrent
2008-11-06 15:39 . 2008-12-30 19:15 <DIR> d-------- c:\documents and settings\pc\Application Data\DNA
2008-11-06 15:39 . 2008-12-12 19:17 <DIR> d-------- c:\documents and settings\pc\Application Data\BitTorrent
2008-11-06 15:38 . 2008-11-06 15:38 <DIR> d-------- c:\program files\AskSearch
2008-11-06 15:38 . 2008-11-13 10:42 <DIR> d-------- c:\program files\AskBarDis
2008-11-06 14:24 . 2008-11-06 14:24 0 --a------ c:\windows\nsreg.dat
2008-11-06 14:11 . 2008-11-13 18:46 <DIR> d-------- c:\documents and settings\pc\Contacts
2008-11-04 14:40 . 2008-12-30 18:56 177 --a------ C:\ASWL2K.ini
2008-11-04 14:38 . 2008-11-04 14:38 <DIR> d-------- c:\program files\ASUS
2008-11-04 14:38 . 2006-02-21 17:23 525,824 --a------ c:\windows\system32\ASWL2K.exe
2008-11-04 14:38 . 2004-05-06 12:21 496,640 --a------ c:\windows\system32\ASWLSVC.exe
2008-11-04 14:38 . 2004-05-07 18:57 159,827 --a------ c:\windows\system32\RemSvc.exe
2008-11-04 14:38 . 2003-10-09 19:38 141,824 --a------ c:\windows\system32\ClientCpl.cpl
2008-11-04 14:38 . 2002-09-09 21:01 61,440 --a------ c:\windows\system32\ASUSW32N50.dll
2008-11-04 14:38 . 2008-11-04 14:38 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2008-11-04 14:38 . 2002-09-09 19:54 16,269 --a------ c:\windows\system32\ASNDIS5.sys
2008-11-04 14:38 . 2001-04-16 05:48 15,577 --a------ c:\windows\system32\ASNDIS3.vxd
2008-11-04 14:36 . 2005-02-11 21:46 371,712 --a------ c:\windows\system32\drivers\BCMWL5.SYS
2008-11-04 14:29 . 2008-11-04 14:30 <DIR> d-------- c:\windows\Modio
2008-11-04 14:17 . 2008-11-04 14:17 <DIR> d-------- c:\program files\C-Media 3D Audio
2008-11-04 14:17 . 2003-12-11 15:44 2,453,504 --a------ c:\windows\system\cmicnfg.cpl
2008-11-04 14:16 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-04 14:02 . 2008-11-04 14:02 <DIR> d-------- c:\program files\VIA
2008-11-04 13:53 . 2008-11-04 13:53 <DIR> d-------- c:\program files\ATI Technologies
2008-11-04 13:53 . 2006-02-21 21:05 520,192 --a------ c:\windows\system32\ati2sgag.exe
2008-11-04 13:53 . 2008-11-04 13:53 982 --a------ c:\windows\ATICIM.INI
2008-11-04 13:52 . 2008-11-04 13:52 <DIR> d-------- C:\Service
2008-11-04 12:19 . 2001-08-23 12:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-11-04 12:17 . 2001-08-23 12:00 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2008-11-04 12:16 . 2004-08-03 23:56 2,134,528 --a--c--- c:\windows\system32\dllcache\smtpsnap.dll
2008-11-04 12:15 . 2004-08-03 23:56 221,184 --a------ c:\windows\system32\wmpns.dll
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-04 12:14 . 2008-11-04 12:14 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:30 2,636,672 --a------ c:\windows\system32\ati3duag.dll
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a------ c:\windows\system32\drivers\ati2mtag.sys
2008-11-04 12:10 . 2006-02-22 05:46 1,505,792 --a--c--- c:\windows\system32\dllcache\ati2mtag.sys
2008-11-04 12:10 . 2004-08-04 00:56 870,784 --a------ c:\windows\system32\ati3d1ag.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:24 860,480 --a------ c:\windows\system32\ativvaxx.dll
2008-11-04 12:10 . 2006-02-22 05:04 258,048 --a------ c:\windows\system32\ati2cqag.dll
2008-11-04 12:10 . 2006-02-22 05:46 256,512 --a------ c:\windows\system32\ati2dvag.dll
2008-11-04 12:10 . 2001-08-17 12:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2008-11-04 12:06 . 2004-08-04 00:58 2,012,670 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 --a--c--- c:\windows\system32\dllcache\NTPRINT.CAT
2008-11-04 12:06 . 2004-08-04 00:57 1,086,058 -ra------ c:\windows\SET2E.tmp
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT
2008-11-04 12:06 . 2004-08-04 01:03 1,042,903 -ra------ c:\windows\SET2B.tmp
2008-11-04 12:06 . 2001-08-23 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2008-11-04 12:06 . 2004-08-04 00:58 502,724 --a--c--- c:\windows\system32\dllcache\NT5INF.CAT
2008-11-04 12:06 . 2001-08-23 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2008-11-04 12:06 . 2004-08-04 00:58 13,753 -ra------ c:\windows\SET3A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:32 --------- d-----w c:\program files\Java
2008-12-08 22:51 --------- d-----w c:\program files\ESET
2008-11-20 16:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 13:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-09-12 09:09 299,392 ----a-w c:\windows\system32\imon.dll
2008-09-11 18:49 155,995 ----a-w c:\windows\java\Packages\VHFJDRPJ.ZIP
2002-01-25 14:57 3,544,576 ----a-w c:\program files\LIPSETUP.MSI
2001-11-23 11:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\msocache\ ----

2008-09-11 19:48 89136 --a------ c:\msocache\\All Users\91FF141a-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
2008-09-11 19:48 804864 --a------ c:\msocache\\All Users\91FF141a-6000-11D3-8CFE-0150048383C9\LIP.MSI
2008-09-11 19:48 6297276 --a------ c:\msocache\\All Users\91FF141a-6000-11D3-8CFE-0150048383C9\LIP5146.CAB
2008-09-11 19:48 37054 --a------ c:\msocache\\All Users\91FF141a-6000-11D3-8CFE-0150048383C9\FILES\WINDOWS\INF\AER_5146.ADM
2008-09-11 19:48 13188 --a------ c:\msocache\\All Users\91FF141a-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\SETUP.CHM
2008-09-11 19:48 111336 --a------ c:\msocache\\All Users\91FF141a-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\5146\DWINTL20.DLL
2008-09-11 19:35 89136 --a------ c:\msocache\\All Users\90850409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
2008-09-11 19:35 886272 --a------ c:\msocache\\All Users\90850409-6000-11D3-8CFE-0150048383C9\WORDVIEW.MSI
2008-09-11 19:35 11761739 --a------ c:\msocache\\All Users\90850409-6000-11D3-8CFE-0150048383C9\WDVIEWER.CAB
2008-02-10 13:12 9298714 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\X2561401.CAB
2008-02-10 13:12 91858 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZV561401.CAB
2008-02-10 13:12 83634 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZI561402.CAB
2008-02-10 13:12 821637 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YO561403.CAB
2008-02-10 13:12 8114251 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YA561403.CAB
2008-02-10 13:12 8012757 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YB561408.CAB
2008-02-10 13:12 763821 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZE561406.CAB
2008-02-10 13:12 668276 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZQ561401.CAB
2008-02-10 13:12 63208 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YM561403.CAB
2008-02-10 13:12 6291 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZZ561401.CAB
2008-02-10 13:12 6270298 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\W2561405.CAB
2008-02-10 13:12 614643 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YC561403.CAB
2008-02-10 13:12 47824 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZG561401.CAB
2008-02-10 13:12 47671800 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YS561401.CAB
2008-02-10 13:12 456846 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZY561401.CAB
2008-02-10 13:12 4475718 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YH561403.CAB
2008-02-10 13:12 441429 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZS561401.CAB
2008-02-10 13:12 353051 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZT561401.CAB
2008-02-10 13:12 310133 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZO561401.CAB
2008-02-10 13:12 2948275 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\WV561405.CAB
2008-02-10 13:12 27929 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZR561403.CAB
2008-02-10 13:12 274001 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZN561401.CAB
2008-02-10 13:12 2679261 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZC561402.CAB
2008-02-10 13:12 2642875 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\W3561405.CAB
2008-02-10 13:12 243555 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZH561403.CAB
2008-02-10 13:12 2248811 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF561402.CAB
2008-02-10 13:12 2057146 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\V3561403.CAB
2008-02-10 13:12 2056750 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\TR308222.CAB
2008-02-10 13:12 192632 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZA561401.CAB
2008-02-10 13:12 17922 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZU561401.CAB
2008-02-10 13:12 1692636 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZD561402.CAB
2008-02-10 13:12 1539271 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YL561402.CAB
2008-02-10 13:12 147457 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZK561401.CAB
2008-02-10 13:12 14446 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YT561401.CAB
2008-02-10 13:12 1440029 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\YI561401.CAB
2008-02-10 13:12 107454 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZM561401.CAB
2008-02-10 13:12 1038975 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\W4561405.CAB
2008-02-10 13:12 103723 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZJ561401.CAB
2008-02-10 13:12 1013663 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\X3561401.CAB
2008-02-10 13:11 947433 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\LV561403.CAB
2008-02-10 13:11 915570 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\MG561403.CAB
2008-02-10 13:11 883593 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\MO561403.CAB
2008-02-10 13:11 7645762 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PR308246.CAB
2008-02-10 13:11 720116 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\E4561410.CAB
2008-02-10 13:11 706243 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CL561401.CAB
2008-02-10 13:11 6282476 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\SKU011.CAB
2008-02-10 13:11 611657 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CS561401.CAB
2008-02-10 13:11 6108423 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PR103368.CAB
2008-02-10 13:11 5675627 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB
2008-02-10 13:11 5671270 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\P3561401.CAB
2008-02-10 13:11 545200 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\Q4561405.CAB
2008-02-10 13:11 5331769 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\E2561410.CAB
2008-02-10 13:11 5279842 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\M3561404.CAB
2008-02-10 13:11 50808 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\M2561406.CAB
2008-02-10 13:11 473931 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\SKU011.XML
2008-02-10 13:11 471375 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\P4561402.CAB
2008-02-10 13:11 466445 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\GV561403.CAB
2008-02-10 13:11 38260 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\IS561401.CAB
2008-02-10 13:11 3580152 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\A2561405.CAB
2008-02-10 13:11 3563686 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\M9561403.CAB
2008-02-10 13:11 3540973 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PR103678.CAB
2008-02-10 13:11 323898 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CD561401.CAB
2008-02-10 13:11 313441 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\MA561403.CAB
2008-02-10 13:11 3053221 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\Q2561405.CAB
2008-02-10 13:11 3032343 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\A4561405.CAB
2008-02-10 13:11 30137 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\O0561401.CAB
2008-02-10 13:11 300700 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\L9561403.CAB
2008-02-10 13:11 2977781 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\E3561405.CAB
2008-02-10 13:11 29543747 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\P2561401.CAB
2008-02-10 13:11 2951706 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PW561401.CAB
2008-02-10 13:11 2531817 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\MT561403.CAB
2008-02-10 13:11 2487448 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CP561401.CAB
2008-02-10 13:11 2374394 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\MH561401.CAB
2008-02-10 13:11 2346637 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\Q3561405.CAB
2008-02-10 13:11 2306744 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CR561401.CAB
2008-02-10 13:11 2277520 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\MC561403.CAB
2008-02-10 13:11 2164117 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\EV561405.CAB
2008-02-10 13:11 2084690 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\TR103621.CAB
2008-02-10 13:11 2071027 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CF561401.CAB
2008-02-10 13:11 1952821 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\AV561403.CAB
2008-02-10 13:11 1867474 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\L3561403.CAB
2008-02-10 13:11 178500 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\O9561403.CAB
2008-02-10 13:11 1740699 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PA561401.CAB
2008-02-10 13:11 1681457 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CC561401.CAB
2008-02-10 13:11 1673946 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\G3561403.CAB
2008-02-10 13:11 13650283 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\IU561401.CAB
2008-02-10 13:11 1256026 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\QV561405.CAB
2008-02-10 13:11 1255537 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PV561401.CAB
2008-02-10 13:11 12391934 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\O1561403.CAB
2008-02-10 13:11 1232028 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\CM561401.CAB
2008-02-10 13:11 12037546 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\M4561403.CAB
2008-02-10 13:11 107046 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\IJ561401.CAB
2008-02-10 13:11 10629703 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\L2561403.CAB
2008-02-10 13:11 1054743 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\L4561403.CAB
2008-02-10 13:10 89136 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\SETUP\OSE.EXE
2008-02-10 13:10 620088 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
2008-02-10 13:10 5922816 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\PRO11.MSI
2008-02-10 13:10 57400 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXE
2008-02-10 13:10 494120 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OCLNCORE.OPC
2008-02-10 13:10 39992 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWDCW20.DLL
2008-02-10 13:10 34880 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE
2008-02-10 13:10 34066 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\WINDOWS\INF\AER_1033.ADM
2008-02-10 13:10 272824 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\1033\SETUP.CHM
2008-02-10 13:10 223288 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OCLEAN.DLL
2008-02-10 13:10 135 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\1033\OCLNINTL.OPC
2008-02-10 13:10 13275 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\OCLNCUST.OPC
2008-02-10 13:10 11378 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\1033\PSS10R.CHM
2008-02-10 13:10 11142 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\MSOFFICE\OFFICE11\1033\PSS10O.CHM
2008-02-10 13:10 109120 --a------ c:\msocache\\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\1033\DWINTL20.DLL


((((((((((((((((((((((((((((( snapshot@2008-12-30_17.48.31.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-30 17:55:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-06 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-12 950664]
"Control Center"="c:\program files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Cmaudio"="cmicnfg.cpl" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\AirLive\Bluetooth Software\BTTray.exe [2005-12-02 618557]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-09-12 15424]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 ASNDIS5;ASNDIS5 Protocol Driver;\??\c:\windows\system32\ASNDIS5.SYS [2008-11-04 16269]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
\Shell\AutoRun\command - D:\INTRO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EED000E6-BD58-EAE9-C012-E0DF26905072}]
c:\windows\system32\Explorer.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.a2articles.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
TCP: {F026372C-58E5-43BC-9767-3F9F7FFA3CE2} = 87.250.98.250 208.67.222.222

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\f7ug7hxp.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-30 19:25:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-30 19:26:43
ComboFix-quarantined-files.txt 2008-12-30 18:26:24
ComboFix2.txt 2008-12-30 17:51:46
ComboFix3.txt 2008-12-30 17:35:58
ComboFix4.txt 2008-12-30 17:28:21

Pre-Run: 32.176.300.032 bytes free
Post-Run: 32,166,440,960 bytes free


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

One more script:

Open Notepad and copy the following text into it:

File::
c:\windows\system32\Explorer.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EED000E6-BD58-EAE9-C012-E0DF26905072}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next reply.

=====================================

What is your D: drive?
Is it a CD-ROM or a partition on the hard disk?
=====================================

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button at the bottom - this will save the result to the Clipboard.
In the forum's message box, right-click and choose Paste.

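The reply above hand-picks three things from the ComboFix log (a MountPoints2 AutoRun command pointing at D:\INTRO.EXE, an Active Setup entry whose stub is an Explorer.exe sitting in system32 instead of c:\windows, and, earlier in the log, a start page and search URL redirected to a2articles.com and the Ask toolbar) and turns two of them into a CFScript. The script below, an added example that is not part of the reply or of ComboFix, automates exactly that triage over the same log lines and renders the CFScript in the File:: / Registry:: format the helper uses. The sample input is a subset copied from the log posted above; the table of canonical binary locations assumes a default Windows XP install with %windir% = c:\windows and is the only thing here not taken from the page.

```python
"""Triage a ComboFix log tail and draft a CFScript for the findings.

SAMPLE_LOG is a subset copied from the log posted above. CANONICAL_DIRS is
an assumption for this example (default XP layout, %windir% = c:\windows).
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d72cb42-d748-11dc-9d16-806d6172696f}]
\Shell\AutoRun\command - D:\INTRO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EED000E6-BD58-EAE9-C012-E0DF26905072}]
c:\windows\system32\Explorer.exe
.
uStart Page = hxxp://www.a2articles.com
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
"""

# Where Windows keeps these binaries on a default XP install (assumption).
# A same-named file in any other directory is a classic masquerade.
CANONICAL_DIRS = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+)$", re.I)
PATH_RE = re.compile(r"^[a-z]:\\.+\.(exe|dll|sys|scr|cpl)$", re.I)
URL_PREF_RE = re.compile(r"^(uStart Page|uSearchURL,\(Default\)|keyword\.URL)\s*=\s*(\S+)")


def triage(log_text):
    """Walk the log and return (findings, files_to_quarantine, keys_to_delete).

    findings is a list of (category, detail) tuples. The registry key most
    recently seen in '[...]' form is the context for the lines that follow it.
    """
    findings, files, keys = [], [], []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        # Per-volume AutoRun command under MountPoints2: runs when the drive
        # is opened, the usual foothold of autorun.inf worms.
        m = AUTORUN_RE.match(line)
        if m and current_key and "mountpoints2" in current_key.lower():
            findings.append(("autorun-hijack", f"{current_key} -> {m.group(1)}"))
            keys.append(current_key)
            continue
        # Active Setup stub: runs once per user at logon. Flag it when the
        # stub borrows a system binary's name but lives in the wrong folder.
        if PATH_RE.match(line) and current_key and "active setup" in current_key.lower():
            directory, name = line.rsplit("\\", 1)
            expected = CANONICAL_DIRS.get(name.lower())
            if expected and directory.lower() != expected:
                findings.append(("masquerade", f"{line} (real {name.lower()} lives in {expected})"))
                files.append(line)
                keys.append(current_key)
            continue
        # Browser start page / search URL overridden: report, do not script.
        m = URL_PREF_RE.match(line)
        if m:
            findings.append(("browser-redirect", f"{m.group(1)} = {m.group(2)}"))
    return findings, files, keys


def build_cfscript(files, keys):
    """Render the CFScript format used in the reply above:
    'File::' lines are quarantined, '[-KEY]' lines delete whole keys."""
    out = []
    if files:
        out.append("File::")
        out.extend(files)
        out.append("")
    if keys:
        out.append("Registry::")
        out.extend(f"[-{k}]" for k in keys)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    findings, files, keys = triage(SAMPLE_LOG)
    for category, detail in findings:
        print(f"{category:18} {detail}")
    print()
    print(build_cfscript(files, keys))
```

Run it and the generated script matches the one in the reply line for line: the masquerading Explorer.exe goes under File::, and both the MountPoints2 entry and the Active Setup entry are deleted as whole keys. The browser redirects are only reported, because the helper has not scripted them at this point in the thread and a start page is something to reset in the browser rather than to delete blindly. The check on the D: drive still has to be made by hand, which is why the reply asks whether it is a CD-ROM or a partition.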