Problem with the "Spyware Guard 2008" malware

  • BIO  Male
  • Super građanin (forum rank)
  • Joined: 12 Jun 2005
  • Posts: 1056
  • Location: Beograd

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 2160 @ 1.80GHz )
BIOS : BIOS Date: 03/27/07 20:20:38 Ver: 08.00.12
USER : b ( Administrator )
BOOT : Normal boot
Antivirus : ESET NOD32 antivirus system 2.70 2.70 (Activated)
C:\ (Local Disk) - NTFS - Total:298 Go (Free:32 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:3926 Mo (Free:1 Go)
G:\ (CD or DVD)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( cet 25.12.2008|13:40 )

--------------------\\ Listing folders in APPLIC~1

[29.12.2007|20:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[22.12.2008|12:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Opera

[17.12.2008|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[05.12.2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[18.03.2008|20:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ALM
[30.11.2008|18:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[14.11.2008|19:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ATI
[16.11.2007|21:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[16.11.2008|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fallout3
[05.12.2008|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[25.12.2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[17.03.2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
[09.08.2007|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\heart nurb web part
[09.12.2007|12:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[22.12.2008|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[18.09.2007|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
[05.08.2007|08:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[30.10.2007|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[30.10.2007|10:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
[05.12.2008|14:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[01.12.2007|21:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[18.04.2008|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winferno
[04.10.2007|23:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings

[05.12.2008|21:13] C:\DOCUME~1\b\APPLIC~1\Adobe
[11.08.2007|17:11] C:\DOCUME~1\b\APPLIC~1\AdobeUM
[21.08.2007|12:42] C:\DOCUME~1\b\APPLIC~1\Ahead
[14.11.2008|19:31] C:\DOCUME~1\b\APPLIC~1\ATI
[16.11.2008|22:26] C:\DOCUME~1\b\APPLIC~1\DAEMON Tools
[27.04.2008|17:03] C:\DOCUME~1\b\APPLIC~1\DeskCallNG
[13.11.2007|19:50] C:\DOCUME~1\b\APPLIC~1\Google
[17.03.2008|21:56] C:\DOCUME~1\b\APPLIC~1\GRETECH
[04.02.2008|22:29] C:\DOCUME~1\b\APPLIC~1\Hamachi
[07.08.2007|12:07] C:\DOCUME~1\b\APPLIC~1\Help
[21.07.2007|22:40] C:\DOCUME~1\b\APPLIC~1\Identities
[09.12.2007|12:17] C:\DOCUME~1\b\APPLIC~1\Intervideo
[16.08.2007|12:00] C:\DOCUME~1\b\APPLIC~1\LimeWire
[22.07.2007|00:12] C:\DOCUME~1\b\APPLIC~1\Macromedia
[20.02.2008|21:18] C:\DOCUME~1\b\APPLIC~1\Microsoft
[08.12.2008|12:19] C:\DOCUME~1\b\APPLIC~1\Mozilla
[04.01.2008|00:01] C:\DOCUME~1\b\APPLIC~1\MSNInstaller
[01.04.2008|22:59] C:\DOCUME~1\b\APPLIC~1\MySpace
[22.07.2007|01:43] C:\DOCUME~1\b\APPLIC~1\Opera
[09.12.2007|13:22] C:\DOCUME~1\b\APPLIC~1\SecondLife
[17.12.2008|17:57] C:\DOCUME~1\b\APPLIC~1\SecuROM
[05.02.2008|17:19] C:\DOCUME~1\b\APPLIC~1\Skype
[30.10.2007|10:59] C:\DOCUME~1\b\APPLIC~1\Sony Ericsson
[19.11.2007|15:59] C:\DOCUME~1\b\APPLIC~1\Spam proxy settings
[30.10.2007|10:59] C:\DOCUME~1\b\APPLIC~1\Teleca
[21.01.2008|12:52] C:\DOCUME~1\b\APPLIC~1\Trillian
[25.12.2008|11:13] C:\DOCUME~1\b\APPLIC~1\WTablet

[25.07.2008|16:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[21.07.2007|22:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[21.07.2007|22:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[26.01.2008|12:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\WTablet

[21.07.2007|22:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[25.12.2008 11:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
[23.08.2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[04.03.2008|18:04] C:\Program Files\3wPlayer
[18.04.2008|11:29] C:\Program Files\abcAVI
[04.03.2008|22:57] C:\Program Files\AC3Filter
[05.12.2008|21:06] C:\Program Files\Adobe
[05.12.2008|20:26] C:\Program Files\Adobe Media Player
[30.07.2007|08:45] C:\Program Files\Alcohol Soft
[21.07.2007|22:51] C:\Program Files\Analog Devices
[04.03.2008|22:52] C:\Program Files\AngelPotion Video Codec V1
[05.12.2008|18:25] C:\Program Files\ApexDC++_Gusari_XY6
[08.08.2007|14:24] C:\Program Files\ASC Games
[14.11.2008|18:15] C:\Program Files\ATI Multimedia
[14.11.2008|19:27] C:\Program Files\ATI Technologies
[18.03.2008|14:10] C:\Program Files\Autodesk
[16.11.2008|22:53] C:\Program Files\Bethesda Softworks
[25.11.2008|23:38] C:\Program Files\BitComet
[06.04.2008|17:11] C:\Program Files\BlackIsle
[25.12.2007|01:57] C:\Program Files\Bonjour
[17.03.2008|21:36] C:\Program Files\CDex_150
[25.07.2007|12:08] C:\Program Files\Codec
[25.12.2008|02:44] C:\Program Files\Common Files
[11.02.2008|10:48] C:\Program Files\CSS
[16.11.2008|22:29] C:\Program Files\DAEMON Tools Lite
[30.11.2008|10:32] C:\Program Files\DeskCall NG
[04.03.2008|23:23] C:\Program Files\DivX
[30.11.2008|10:32] C:\Program Files\Dofus
[17.12.2008|17:44] C:\Program Files\Electronic Arts
[07.02.2008|23:25] C:\Program Files\ESET
[25.07.2007|12:08] C:\Program Files\ffdshow
[18.03.2008|12:21] C:\Program Files\Fusion
[18.03.2008|14:12] C:\Program Files\GLOBEtrotter Software Inc
[25.07.2008|16:04] C:\Program Files\Google
[17.03.2008|21:56] C:\Program Files\GRETECH
[25.01.2008|13:25] C:\Program Files\Guitar Pro 5
[16.10.2007|20:33] C:\Program Files\Half Life 2
[14.12.2007|01:25] C:\Program Files\id Software
[20.10.2007|13:21] C:\Program Files\Image-Line
[14.12.2008|22:13] C:\Program Files\Imagenomic
[17.12.2008|17:43] C:\Program Files\InstallShield Installation Information
[21.07.2007|22:47] C:\Program Files\Intel
[24.11.2007|09:05] C:\Program Files\Internet Explorer
[17.10.2007|09:14] C:\Program Files\Java
[25.07.2007|12:08] C:\Program Files\JockerSoft
[18.08.2007|15:23] C:\Program Files\Lavalys
[28.08.2007|08:52] C:\Program Files\Logitech
[15.12.2007|14:49] C:\Program Files\MagicTune Premium
[25.07.2007|12:09] C:\Program Files\MediaCoder
[21.07.2007|22:30] C:\Program Files\Messenger
[17.12.2008|18:59] C:\Program Files\Microsoft ActiveSync
[21.07.2007|22:35] C:\Program Files\microsoft frontpage
[15.12.2007|19:05] C:\Program Files\Microsoft Games
[17.12.2008|18:59] C:\Program Files\Microsoft Office
[17.12.2008|18:59] C:\Program Files\Microsoft.NET
[24.04.2008|11:22] C:\Program Files\MIKSOFT
[21.07.2007|22:31] C:\Program Files\Movie Maker
[25.12.2008|00:56] C:\Program Files\Mozilla Firefox
[16.11.2008|22:52] C:\Program Files\MSBuild
[04.01.2008|00:00] C:\Program Files\MSN
[21.07.2007|22:30] C:\Program Files\MSN Gaming Zone
[20.02.2008|21:32] C:\Program Files\MSN Messenger
[12.10.2007|14:40] C:\Program Files\Multimedia Card Reader
[11.08.2007|17:13] C:\Program Files\Mv2Player
[01.04.2008|22:59] C:\Program Files\MySpace
[03.12.2008|22:36] C:\Program Files\Nero
[25.04.2008|12:16] C:\Program Files\NetMeeting
[21.07.2007|23:11] C:\Program Files\Online Services
[07.12.2008|18:27] C:\Program Files\Opera
[21.07.2007|22:31] C:\Program Files\Outlook Express
[02.01.2008|20:32] C:\Program Files\Pocket Tanks
[30.11.2008|18:00] C:\Program Files\QT Lite
[18.03.2008|20:30] C:\Program Files\QuickTime
[24.12.2008|13:22] C:\Program Files\RapidTyping
[12.10.2007|20:54] C:\Program Files\Razer
[21.07.2007|22:53] C:\Program Files\Realtek
[16.11.2008|22:50] C:\Program Files\Reference Assemblies
[17.08.2007|11:06] C:\Program Files\Samsung ML-2010 Series
[26.07.2007|21:44] C:\Program Files\SEC
[05.08.2007|08:42] C:\Program Files\Skype
[30.10.2007|10:56] C:\Program Files\Sony Ericsson
[20.10.2007|13:48] C:\Program Files\Sony Setup
[30.11.2008|10:34] C:\Program Files\Soulseek
[14.09.2007|01:24] C:\Program Files\Spam proxy settings
[09.04.2008|20:25] C:\Program Files\Steam
[26.12.2007|19:45] C:\Program Files\Tablet
[05.12.2008|18:48] C:\Program Files\The Witcher
[05.12.2008|18:52] C:\Program Files\THQ
[05.12.2008|14:32] C:\Program Files\Topaz Labs
[27.05.2008|22:06] C:\Program Files\Trillian
[22.01.2008|00:17] C:\Program Files\TrillianAstra
[04.03.2008|22:58] C:\Program Files\Tsunami-Filter-Pack
[21.07.2007|23:25] C:\Program Files\Uninstall Information
[23.11.2008|00:01] C:\Program Files\Valve
[31.07.2007|15:56] C:\Program Files\Vimicro
[16.11.2007|21:37] C:\Program Files\Vodei
[20.10.2007|13:20] C:\Program Files\VstPlugins
[30.11.2008|10:32] C:\Program Files\Winamp
[21.07.2007|23:25] C:\Program Files\Windows Media Components
[19.05.2008|14:44] C:\Program Files\Windows Media Player
[21.07.2007|22:30] C:\Program Files\Windows NT
[21.07.2007|22:32] C:\Program Files\WindowsUpdate
[08.12.2007|17:02] C:\Program Files\WinFast
[07.08.2007|12:07] C:\Program Files\WinRAR
[04.03.2008|18:06] C:\Program Files\WinSpyKiller
[21.07.2007|22:35] C:\Program Files\xerox
[04.03.2008|23:02] C:\Program Files\XviD

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05.12.2008|20:41] C:\Program Files\Common Files\Adobe
[05.12.2008|20:25] C:\Program Files\Common Files\Adobe AIR
[03.12.2008|22:36] C:\Program Files\Common Files\Ahead
[14.11.2008|19:24] C:\Program Files\Common Files\ATI Technologies
[18.03.2008|20:44] C:\Program Files\Common Files\Control Panels
[17.12.2008|18:59] C:\Program Files\Common Files\DESIGNER
[31.07.2007|15:56] C:\Program Files\Common Files\InstallShield
[16.08.2007|08:19] C:\Program Files\Common Files\Java
[28.08.2007|08:52] C:\Program Files\Common Files\Logitech
[25.12.2007|01:49] C:\Program Files\Common Files\Macrovision Shared
[17.12.2008|18:59] C:\Program Files\Common Files\Microsoft Shared
[21.07.2007|22:31] C:\Program Files\Common Files\MSSoap
[21.07.2007|06:24] C:\Program Files\Common Files\ODBC
[21.07.2007|22:31] C:\Program Files\Common Files\Services
[05.08.2007|08:42] C:\Program Files\Common Files\Skype
[21.07.2007|06:24] C:\Program Files\Common Files\SpeechEngines
[17.12.2008|18:59] C:\Program Files\Common Files\System
[30.10.2007|10:56] C:\Program Files\Common Files\Teleca Shared
[22.11.2007|08:38] C:\Program Files\Common Files\Ulead Systems

--------------------\\ Process

( 33 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ALLUSE~1\APPLIC~1\part dead amok eggs
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\3wPlayer
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\3wPlayer\3wPlayer.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\3wPlayer\Uninstall 3wPlayer.lnk
C:\Program Files\3wPlayer
C:\Program Files\3wPlayer\3wPlayer.exe
C:\Program Files\3wPlayer\settings.ini
C:\Program Files\3wPlayer\settings.stp
C:\Program Files\3wPlayer\SkinCrafterDll.dll
C:\Program Files\3wPlayer\skins
C:\Program Files\3wPlayer\test.gif
C:\Program Files\3wPlayer\unins000.dat
C:\Program Files\3wPlayer\unins000.exe
C:\DOCUME~1\b\Cookies\b@inside.3wplayer[2].txt
C:\DOCUME~1\b\Cookies\b@www.lop[1].txt
C:\DOCUME~1\b\Cookies\b@888[2].txt
C:\DOCUME~1\b\Cookies\b@888[3].txt

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 77 [ 70 ## added by CiD ]

/!\ 4 Not 127.0.0.1 !!

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 13:40:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 22

--------------------\\ Searching for other infections

--------------------\\ ROGUES ..

C:\DOCUME~1\b\STARTM~1\Programs\Spyware Guard 2008

--------------------\\ (zabranjeno)s & Keygens ..

C:\DOCUME~1\b\Application Data\LimeWire\.AppSpecialShare\Lavalys.EVEREST.Ultimate.Edition.v4.00.976.incl.Keygen.rar.torrent
C:\DOCUME~1\b\Desktop\Slike sa neta\Ass_(zabranjeno)_Bottoms.jpg
C:\DOCUME~1\b\Desktop\Slike sa neta\(zabranjeno)_Is_Funny.jpg
C:\DOCUME~1\b\Local Settings\Application Data\Opera\Opera\profile\images\www.(zabranjeno).ms.ico
C:\DOCUME~1\b\Recent\Crysis.Warhead.(zabranjeno)-TDM_[www.NewTorrents.info].lnk
C:\DOCUME~1\b\Recent\Total_Commander_7.04_FIXED_incl_Keygen_[RSiP].4327344.TPB.lnk
C:\DOCUME~1\b\Recent\WinAmp_Pro_v5.541.2189_Keygen[h33t]MasterUploader.4526614.TPB.lnk


[F:7][D:3]-> C:\DOCUME~1\b\LOCALS~1\Temp
[F:115][D:0]-> C:\DOCUME~1\b\Cookies
[F:8][D:3]-> C:\DOCUME~1\b\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - cet 25.12.2008|13:42 - Option : [1]

--------------------\\ Scan completed at 13:42:15
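The "Checking the Hosts file" step above reports 77 entries, 70 of them "## added by CiD", and warns that 4 entries do not point at 127.0.0.1. The distinction is the whole point of that check: a name mapped to a loopback or unspecified address is merely black-holed (that is all the CiD lines do to the rogue-antivirus domains), while a name mapped to a routable address is silently redirected, which is how a hijacked hosts file sends a bank or update site to an attacker's server. The following is an added example in Python, not code from the original post, from Lop S&D or from ComboFix; the sample hosts text is constructed (two CiD lines copied from the log plus made-up entries using RFC 5737 documentation addresses and a `.test` hostname), and the function and class names are the example's own.

```python
"""Triage a Windows hosts file the way Lop S&D's "Checking the Hosts file" step does.

Added example; not code from the original post, from Lop S&D or from ComboFix.
A name mapped to a loopback/unspecified address is merely black-holed. A name mapped
to a routable address is silently redirected, which is what the "Not 127.0.0.1"
count in the log points at and what needs a manual look.
"""
import ipaddress
from dataclasses import dataclass

# Mapping a name to one of these blocks it; traffic cannot be redirected to an attacker.
SINKHOLE_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}

# Constructed sample: two "## added by CiD" lines taken from the log above, plus
# made-up entries (RFC 5737 documentation addresses, a .test hostname) to exercise
# the checks. None of the made-up lines comes from the infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
0.0.0.0     ad.example.net           # constructed: ad-blocker style sinkhole
192.0.2.44  www.example-bank.test    # constructed: routable redirect (phishing style)
203.0.113.9 update.microsoft.com     # constructed: update server hijacked
"""


@dataclass(frozen=True)
class HostsEntry:
    lineno: int
    ip: str            # normalised textual address
    hostnames: tuple   # lower-cased names on the line
    comment: str       # text after '#', without the leading '#' characters

    @property
    def is_sinkhole(self) -> bool:
        return self.ip in SINKHOLE_ADDRESSES

    @property
    def added_by_cid(self) -> bool:
        return "added by CiD" in self.comment


@dataclass
class HostsAudit:
    total: int        # entries that actually map a name
    cid_added: int    # entries carrying the "## added by CiD" marker
    redirects: list   # HostsEntry objects pointing at a non-sinkhole address


def parse_hosts(text: str) -> list:
    """Parse hosts-file text into HostsEntry objects; comment-only and malformed lines are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # also normalises IPv6 spelling
        except ValueError:
            continue  # first column is not an address: ignore the line
        names = tuple(name.lower() for name in fields[1:])
        entries.append(HostsEntry(lineno, ip, names, comment.strip("# ")))
    return entries


def audit_hosts(text: str) -> HostsAudit:
    """Reproduce the two numbers Lop S&D prints and list the entries behind the second one."""
    entries = parse_hosts(text)
    return HostsAudit(
        total=len(entries),
        cid_added=sum(1 for e in entries if e.added_by_cid),
        redirects=[e for e in entries if not e.is_sinkhole],
    )


if __name__ == "__main__":
    audit = audit_hosts(SAMPLE_HOSTS)
    print(f"-> {audit.total} [ {audit.cid_added} ## added by CiD ]")
    print(f"/!\\ {len(audit.redirects)} Not 127.0.0.1 !!")
    for e in audit.redirects:
        print(f"   line {e.lineno}: {e.ip} -> {' '.join(e.hostnames)}")
```

On a real machine the text would be read from `%SystemRoot%\system32\drivers\etc\hosts`; the `redirects` list is the short list to review by hand, since a cleaner's loopback blocklist and a hijack both show up as "modified" but only the latter can move traffic.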

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\DOCUME~1\b\Cookies\b@inside.3wplayer[2].txt
C:\DOCUME~1\b\Cookies\b@www.lop[1].txt
C:\DOCUME~1\b\Cookies\b@888[2].txt
C:\DOCUME~1\b\Cookies\b@888[3].txt

Folder::
C:\Documents and Settings\All Users\Application Data\heart nurb web part
C:\Documents and Settings\All Users\Application Data\part dead amok eggs
C:\Documents and Settings\All Users\Application Data\Winferno
C:\Documents and Settings\b\Application Data\Spam proxy settings
C:\Program Files\3wPlayer
C:\Program Files\Spam proxy settings
C:\Program Files\WinSpyKiller
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\3wPlayer
C:\DOCUME~1\b\STARTM~1\Programs\Spyware Guard 2008


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • BIO  Male
  • Super građanin (forum rank)
  • Joined: 12 Jun 2005
  • Posts: 1056
  • Location: Beograd

ComboFix 08-12-21.04 - b 2008-12-25 18:08:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1583 [GMT 1:00]
Running from: c:\documents and settings\b\Desktop\123.exe
Command switches used :: c:\documents and settings\b\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\docume~1\b\Cookies\b@888[2].txt
c:\docume~1\b\Cookies\b@888[3].txt
c:\docume~1\b\Cookies\b@inside.3wplayer[2].txt
c:\docume~1\b\Cookies\b@www.lop[1].txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\STARTM~1\Programs\3wPlayer
c:\docume~1\ALLUSE~1\STARTM~1\Programs\3wPlayer\3wPlayer.lnk
c:\docume~1\ALLUSE~1\STARTM~1\Programs\3wPlayer\Uninstall 3wPlayer.lnk
c:\docume~1\b\Cookies\b@888[2].txt
c:\docume~1\b\Cookies\b@888[3].txt
c:\docume~1\b\Cookies\b@inside.3wplayer[2].txt
c:\docume~1\b\Cookies\b@www.lop[1].txt
c:\docume~1\b\STARTM~1\Programs\Spyware Guard 2008
c:\docume~1\b\STARTM~1\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
c:\docume~1\b\STARTM~1\Programs\Spyware Guard 2008\Uninstall.lnk
c:\documents and settings\All Users\Application Data\heart nurb web part
c:\documents and settings\All Users\Application Data\part dead amok eggs
c:\documents and settings\All Users\Application Data\Winferno
c:\documents and settings\b\Application Data\Spam proxy settings
c:\documents and settings\b\Application Data\Spam proxy settings\0
c:\documents and settings\b\Application Data\Spam proxy settings\fiterfif.exe
c:\documents and settings\b\Application Data\Spam proxy settings\mgyfithi.exe
c:\documents and settings\b\Application Data\Spam proxy settings\Savepolltick.exe
c:\documents and settings\b\Application Data\Spam proxy settings\wcipksik.exe
c:\program files\3wPlayer
c:\program files\3wPlayer\3wPlayer.exe
c:\program files\3wPlayer\settings.ini
c:\program files\3wPlayer\settings.stp
c:\program files\3wPlayer\SkinCrafterDll.dll
c:\program files\3wPlayer\skins\Stylish.skf
c:\program files\3wPlayer\test.gif
c:\program files\3wPlayer\Thumbs.db
c:\program files\3wPlayer\unins000.dat
c:\program files\3wPlayer\unins000.exe
c:\program files\Spam proxy settings
c:\program files\WinSpyKiller
c:\program files\WinSpyKiller\WinSpyKiller.lic
c:\program files\WinSpyKiller\WinSpyKiller0.wk
c:\program files\WinSpyKiller\WinSpyKiller1.wk
c:\windows\system32\Dvbpws.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.

2008-12-25 13:39 . 2008-12-25 13:42 <DIR> d-------- C:\Lop SD
2008-12-17 21:46 . 2008-12-19 13:27 <DIR> d-------- C:\flashhh
2008-12-17 18:59 . 2008-12-17 18:59 <DIR> d-------- c:\windows\SHELLNEW
2008-12-17 18:59 . 2008-12-17 18:59 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-17 18:59 . 2008-12-17 18:59 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-17 17:57 . 2008-12-17 17:57 <DIR> dr-h----- c:\documents and settings\b\Application Data\SecuROM
2008-12-17 17:56 . 2008-12-17 17:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-12-17 17:43 . 2008-12-17 17:43 <DIR> d-------- C:\ProgramData
2008-12-17 17:43 . 2008-12-17 17:43 5,346 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-14 22:13 . 2008-12-14 22:13 <DIR> d-------- c:\program files\Imagenomic
2008-12-07 12:47 . 2008-12-11 18:54 <DIR> d-------- C:\100CANON
2008-12-05 20:26 . 2008-12-05 20:26 <DIR> d-------- c:\program files\Adobe Media Player
2008-12-05 20:25 . 2008-12-05 20:25 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-05 19:28 . 2008-12-05 22:40 <DIR> d-------- C:\WinFast WorkArea
2008-12-05 18:56 . 2008-12-05 19:46 <DIR> d-------- C:\Adobe CS4
2008-12-05 14:34 . 2008-12-05 14:59 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:32 . 2008-12-05 14:32 <DIR> d-------- c:\program files\Topaz Labs
2008-12-03 22:35 . 2005-10-17 17:15 2,605,056 --a------ c:\windows\system32\BCGCBPRO800u.dll
2008-12-03 22:35 . 2005-10-17 17:07 2,600,960 --a------ c:\windows\system32\BCGCBPRO800.dll
2008-12-03 22:35 . 2004-07-26 17:16 1,568,768 --a------ c:\windows\system32\imagX7.dll
2008-12-03 22:35 . 2004-07-26 17:16 476,320 --a------ c:\windows\system32\imagXpr7.dll
2008-12-03 22:35 . 2004-07-26 17:16 471,040 --a------ c:\windows\system32\imagXRA7.dll
2008-12-03 22:35 . 2004-07-09 09:43 364,544 --a------ c:\windows\system32\TwnLib4.dll
2008-12-03 22:35 . 2004-07-26 17:16 262,144 --a------ c:\windows\system32\imagXR7.dll
2008-12-03 22:35 . 2005-12-23 17:50 32,768 --a------ c:\windows\system32\BCGPOleAcc.dll
2008-12-02 18:06 . 2008-12-13 23:07 <DIR> d-------- C:\srdjannnnnnnnnnnnnnnnnnnnnnnnnnnnnn
2008-11-30 18:00 . 2008-11-30 18:00 <DIR> d-------- c:\program files\QT Lite
2008-11-30 18:00 . 2008-11-30 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-30 18:00 . 2008-09-06 15:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-30 18:00 . 2008-09-06 15:09 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-25 15:36 . 2008-12-05 21:15 <DIR> d-------- C:\z

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 16:25 --------- d-----w c:\documents and settings\b\Application Data\WTablet
2008-12-25 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-24 12:22 --------- d-----w c:\program files\RapidTyping
2008-12-17 16:57 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-17 16:44 --------- d-----w c:\program files\Electronic Arts
2008-12-17 16:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 17:27 --------- d-----w c:\program files\Opera
2008-12-05 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-05 19:41 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 17:52 --------- d-----w c:\program files\THQ
2008-12-05 17:48 --------- d-----w c:\program files\The Witcher
2008-12-05 17:25 --------- d-----w c:\program files\ApexDC++_Gusari_XY6
2008-12-03 21:36 --------- d-----w c:\program files\Nero
2008-12-03 21:36 --------- d-----w c:\program files\Common Files\Ahead
2008-11-30 09:34 --------- d-----w c:\program files\Soulseek
2008-11-30 09:32 --------- d-----w c:\program files\Winamp
2008-11-30 09:32 --------- d-----w c:\program files\Dofus
2008-11-30 09:32 --------- d-----w c:\program files\DeskCall NG
2008-11-25 22:38 --------- d-----w c:\program files\BitComet
2008-11-22 23:01 --------- d-----w c:\program files\Valve
2008-11-22 17:43 102,400 ----a-w c:\windows\DUMP86d3.tmp
2008-11-16 21:53 --------- d-----w c:\program files\Bethesda Softworks
2008-11-16 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-16 21:52 --------- d-----w c:\program files\MSBuild
2008-11-16 21:50 --------- d-----w c:\program files\Reference Assemblies
2008-11-16 21:29 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-16 21:27 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-16 21:26 --------- d-----w c:\documents and settings\b\Application Data\DAEMON Tools
2008-11-14 18:31 --------- d-----w c:\documents and settings\b\Application Data\ATI
2008-11-14 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-14 18:27 --------- d-----w c:\program files\ATI Technologies
2008-11-14 18:24 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-11-14 17:15 --------- d-----w c:\program files\ATI Multimedia
2008-03-24 09:25 18,424 ----a-w c:\documents and settings\b\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 19:13 22,328 ----a-w c:\documents and settings\b\Application Data\PnkBstrK.sys
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-03-04 22:22 56 --sh--r c:\windows\system32\11709D372B.sys
2008-03-04 22:22 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-08-08 949376]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= divxc32.dll
"VIDC.DIV4"= divxc32f.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.MJPG"= pvmjpg21.dll
"vidc.DIV2"= divxc32.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
--a------ 2006-12-06 21:30 159744 c:\program files\Razer\DeathAdder\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
--------- 2005-07-03 08:20 372736 c:\windows\Samsung\ComSMMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-07-02 16:10 23237416 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 06:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 20:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-11 12:11 1266936 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-05-18 14:29 131072 c:\program files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tarantula]
--a------ 2006-09-30 14:48 176128 c:\program files\Razer\Tarantula\razerhid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-02-12 16:22 397312 c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-02-12 18:16 69632 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Games\\GamerX\\HL2\\hl2.exe"=
"c:\\Program Files\\TrillianAstra\\trillian.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Fusion\\eyeonScript.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23388:TCP"= 23388:TCP:BitCometBeta 23388 TCP
"23388:UDP"= 23388:UDP:BitCometBeta 23388 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-02-29 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-08-08 15424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-11-14 93696]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;"c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [2008-08-15 284016]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-10-12 22144]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2007-10-30 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2007-10-30 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2007-10-30 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Emgmt.sys [2007-10-30 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se2End5.sys [2007-10-30 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2007-10-30 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se2Eunic.sys [2007-10-30 90800]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\Drivers\UsbFltr.sys [2007-10-12 44800]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys []
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2007-11-22 9446]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{091fa559-ae08-11dc-8d84-001bfc6f11b8}]
\Shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfcc45cc-133b-11dd-8e6b-ad26502480a4}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\aqmzz32l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dizajnzona.com/forums/index.php?s=f9a25e7700c540583fd62500f34bc49a&showforum=32
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 18:09:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-25 18:10:28
ComboFix-quarantined-files.txt 2008-12-25 17:09:50
ComboFix2.txt 2008-12-25 01:52:26
ComboFix3.txt 2008-12-23 14:00:31

Pre-Run: 34.934.071.296 bytes free
Post-Run: 34,916,343,808 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks OK now.

Delete the folder: C:\Lop SD

Click START and then RUN
In the text entry line, type Combofix /u and click OK

Wait for the uninstallation process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

All the other programs that were used can be deleted.

And that's all...

offline
  • BIO  Male
  • Super građanin
  • Joined: 12 Jun 2005
  • Posts: 1056
  • Location: Beograd

Many thanks for the help.

Regards

Korisnici trenutno na forumu: A.R.Chafee.Jr., Atomski čoban, babaroga, Bobrock1, bojank, cavatina, croato, Denaya, Dimitrije Paunovic, Dimitrise93, doklevise, DonRumataEstorski, Dorcolac, dragoljub11987, FOX, Frunze, Gargantua, goxin, Grah0, ivica976, jaeger, Karla, kikisp, Koridor, kunktator, Leonov, MaksicZoran, mercedesamg, Metanoja, MikeHammer, milenko crazy north, Milometer, mkukoleca, mrav pesadinac, MrNo, naki011, nuke92, Panter, Parker, pein, procesor, RJ, ruger357, S2M, sasa76, slonic_tonic, Smiljke, Srle993, stegonosa, Tvrtko I, vathra, VP6919, YugoSlav, zodiac94