ComboFix 08-11-12.01 - dEAN 2008-11-13 15:50:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2023 [GMT 1:00]
Running from: c:\documents and settings\dEAN\Desktop\COmboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\resycled
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-13 10:53 . 2008-11-13 10:53 118 --a------ c:\windows\system32\MRT.INI
2008-11-13 09:11 . 2008-09-04 18:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 09:11 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 19:24 . 2008-11-11 19:24 <DIR> d-------- C:\fsaua.data
2008-11-11 18:00 . 2008-11-11 18:00 <DIR> d-------- c:\program files\IObit
2008-11-11 17:50 . 2008-11-11 17:50 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-06 19:57 . 2008-11-06 19:57 8 --a------ c:\windows\schedule.dat
2008-11-06 19:53 . 2008-11-06 19:53 103 --a------ c:\windows\pro.INI
2008-11-06 19:49 . 2008-11-06 19:49 <DIR> d-------- c:\program files\MSECache
2008-10-25 09:54 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-17 13:48 . 2008-10-17 13:48 <DIR> d-------- c:\program files\PhotoRazor
2008-10-17 13:48 . 2008-10-17 13:48 <DIR> d-------- c:\documents and settings\dEAN\Application Data\Stormdance
2008-10-15 17:40 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 17:40 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:40 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:40 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 17:40 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-15 17:40 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-13 21:17 . 2008-11-13 15:16 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-13 21:17 . 2008-10-13 21:17 1,409 --a------ c:\windows\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 14:39 --------- d-----w c:\documents and settings\dEAN\Application Data\Skype
2008-11-13 13:48 --------- d-----w c:\documents and settings\dEAN\Application Data\ZoomBrowser EX
2008-11-13 13:47 --------- d-----w c:\documents and settings\dEAN\Application Data\skypePM
2008-11-11 18:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-11 17:34 --------- d-----w c:\program files\Google
2008-11-07 09:09 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-06 18:53 --------- d-----w c:\program files\Teleport Pro
2008-11-06 15:29 --------- d-----w c:\program files\Common Files\ACD Systems
2008-11-03 11:11 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-07 21:00 --------- d-----w c:\program files\ESET
2008-09-30 17:24 --------- d-----w c:\program files\ACD Systems
2008-09-26 19:18 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-09-26 19:17 --------- d-----w c:\program files\DVDVideoSoft
2008-09-20 19:54 --------- d-----w c:\program files\Apple Software Update
2008-09-20 14:48 --------- d-----w c:\documents and settings\dEAN\Application Data\FDRLab
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-13 10:46 --------- d-----w c:\program files\AVS4YOU
2008-09-13 10:46 --------- d-----w c:\documents and settings\dEAN\Application Data\AVS4YOU
2008-09-13 10:46 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-09-13 10:45 --------- d-----w c:\program files\Common Files\AVSMedia
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-03 22:12 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-09-03 22:12 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-09-03 00:00 298,104 ----a-w c:\windows\system32\imon.dll
2008-09-02 22:52 558,142 ----a-w c:\windows\java\Packages\1NVXVJHR.ZIP
2008-09-02 22:52 155,995 ----a-w c:\windows\java\Packages\9BX7FRDZ.ZIP
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-09-03 949376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-03 185896]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 c:\windows\AGRSMMSG.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-09-03 49254]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2004-12-16 16:49 49152 c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus G]
--a------ 2005-07-22 09:42 1519616 c:\program files\D-Link\AirPlus G\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 08:06 88363 c:\windows\AGRSMMSG.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-11 27904]
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\dEAN\Application Data\Mozilla\Firefox\Profiles\4d20qvdw.default\
FF -: plugin - c:\program files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Google Updater\2.3.1334.1308\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-13 15:51:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-13 15:52:30
ComboFix-quarantined-files.txt 2008-11-13 14:52:26
Pre-Run: 71.263.584.256 bytes free
Post-Run: 71,480,590,336 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
143 --- E O F --- 2008-11-13 09:54:05