Virtumonde :(

  • KPCTA  Male
  • New MyCity citizen
  • Joined: 17 Apr 2008
  • Posts: 7

I have a problem with Virtumonde, so I ran HijackThis and have a log file:

Logfile of HijackThis v1.99.1
Scan saved at 11:23:00, on 17.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Shadow Hunter\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5436856A-8D5A-4EC4-BAEE-16CA1ACF1634} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} - C:\WINDOWS\system32\wvussqn.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM47868ee6] Rundll32.exe "C:\WINDOWS\system32\sicwwbnj.dll",s
O4 - HKLM\..\Run: [44b5bd7a] rundll32.exe "C:\WINDOWS\system32\ehwcqqsk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D596BA87-1A40-4ED2-838A-059E3CE84F6C}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: wvussqn - C:\WINDOWS\SYSTEM32\wvussqn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - (no file)
O23 - Service: avast! Web Scanner - Unknown owner - (no file)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Nero AG - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

thanks in advance

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

This is the CF log that KRSTA first sent me by PM

ComboFix 08-04-16.5 - Shadow Hunter 2008-04-17 8:35:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1506 [GMT 2:00]
Running from: C:\Documents and Settings\Shadow Hunter\Desktop\Download\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Shadow Hunter\Application Data\ShoppingReport
C:\Documents and Settings\Shadow Hunter\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Shadow Hunter\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Shadow Hunter\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Shadow Hunter\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Shadow Hunter\Desktop\Download\Movie\T.O.B.G www.divxm.com\Yeni Klasör\Desktop_.ini
C:\Program Files\Helper
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaaomfqc.dll
C:\WINDOWS\system32\ayjkuirq.dll
C:\WINDOWS\system32\ctincynt.ini
C:\WINDOWS\system32\duwsfgyp.ini
C:\WINDOWS\system32\etbobugy.ini
C:\WINDOWS\system32\fexhbwah.dll
C:\WINDOWS\system32\hqvxoxnj.dll
C:\WINDOWS\system32\hydjatbe.dll
C:\WINDOWS\system32\jbyasmxw.ini
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lyjjqjob.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjhmkcis.dll
C:\WINDOWS\system32\mwaoyegp.ini
C:\WINDOWS\system32\occcwxfc.dll
C:\WINDOWS\system32\ojkenwto.ini
C:\WINDOWS\system32\pwycymaq.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\rukflcvl.ini
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\tsdfbnpg.ini
C:\WINDOWS\system32\vdeyqxtk.ini
C:\WINDOWS\system32\vqxwguhm.ini
C:\WINDOWS\system32\vrtvlled.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll.vir
C:\WINDOWS\system32\wsnpoem\video.dll
C:\WINDOWS\system32\xfayxkql.ini
C:\WINDOWS\system32\xmoqbgpn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SERVICE.SYS
-------\Service_service.sys


((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 12:10 . 2008-04-16 12:15 1,569,982 --a------ C:\WINDOWS\system32\gembljjk.ini.ren
2008-04-16 12:10 . 2008-04-16 12:10 83,008 --a------ C:\WINDOWS\system32\kjjlbmeg.dll.ren
2008-04-16 10:06 . 2008-04-16 10:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-16 08:50 . 2008-04-17 07:48 214,591 --a------ C:\WINDOWS\system32\rrqss.ini2.ren
2008-04-16 08:50 . 2008-04-17 07:49 214,591 --a------ C:\WINDOWS\system32\rrqss.ini.ren
2008-04-16 08:40 . 2008-04-16 09:57 1,602,641 --a------ C:\WINDOWS\system32\srngstku.ini.ren
2008-04-16 08:39 . 2008-04-16 08:40 86,080 --a------ C:\WINDOWS\system32\uktsgnrs.dll.ren
2008-04-16 08:33 . 2008-04-16 08:33 1,602,579 ---hs---- C:\WINDOWS\system32\ukpuvvpf.ini
2008-04-16 08:33 . 2008-04-16 08:33 86,080 --a------ C:\WINDOWS\system32\fpvvupku.dll.ren
2008-04-15 23:56 . 2008-04-16 08:20 778,398 --a------ C:\WINDOWS\system32\gytgxvnx.ini.ren
2008-04-15 23:56 . 2008-04-15 23:56 86,080 --a------ C:\WINDOWS\system32\xnvxgtyg.dll.ren
2008-04-14 20:52 . 2008-04-14 20:52 708,505 --a------ C:\WINDOWS\system32\mtvmynkd.ini.ren
2008-04-14 20:52 . 2008-04-14 20:52 85,056 --a------ C:\WINDOWS\system32\dknymvtm.dll.ren
2008-04-14 15:15 . 2008-04-14 15:15 85,056 --a------ C:\WINDOWS\system32\pgeyoawm.dll.ren
2008-04-13 15:06 . 2008-04-16 08:35 168,141 --ahs---- C:\WINDOWS\system32\ststv.ini.ren
2008-04-13 15:06 . 2008-04-16 08:33 168,026 --a------ C:\WINDOWS\system32\ststv.ini2.ren
2008-04-13 14:30 . 2008-04-13 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 14:12 . 2008-04-13 14:36 708,603 --a------ C:\WINDOWS\system32\mejdmjxc.ini.ren
2008-04-13 13:42 . 2008-04-16 08:44 <DIR> d-------- C:\VundoFix Backups
2008-04-13 10:23 . 2008-04-13 10:23 708,374 --a------ C:\WINDOWS\system32\psqawxgr.ini.ren
2008-04-12 22:07 . 2008-04-12 23:19 845,875 --a------ C:\WINDOWS\system32\fbakuhpa.ini.ren
2008-04-12 22:07 . 2008-04-12 22:07 86,592 --a------ C:\WINDOWS\system32\aphukabf.dll.ren
2008-04-12 09:58 . 2008-04-12 09:58 54,882 --a------ C:\WINDOWS\kjo23bk.dll.vir
2008-04-04 20:43 . 2008-04-05 20:15 414 ---hs---- C:\WINDOWS\system32\lokelibo.ini
2008-04-03 20:44 . 2008-04-04 19:13 2,916,326 ---hs---- C:\WINDOWS\system32\hwbmerxw.ini
2008-04-03 16:19 . 2008-04-03 19:38 2,927,688 ---hs---- C:\WINDOWS\system32\debolwpl.ini
2008-04-02 16:18 . 2008-04-03 14:34 3,016,887 ---hs---- C:\WINDOWS\system32\vfxwqpjr.ini
2008-04-01 16:18 . 2008-04-02 07:48 1,419,930 ---hs---- C:\WINDOWS\system32\vfstodtr.ini
2008-03-31 16:17 . 2008-04-01 13:48 1,419,750 ---hs---- C:\WINDOWS\system32\iyfctevv.ini
2008-03-31 14:16 . 2008-03-31 15:12 1,419,608 ---hs---- C:\WINDOWS\system32\drgymhey.ini
2008-03-31 10:07 . 2008-03-31 10:07 <DIR> d-------- C:\Program Files\Water Desktop
2008-03-31 10:07 . 2005-08-26 22:03 32,768 --a------ C:\WINDOWS\system32\Menu.dll
2008-03-31 10:07 . 2008-03-31 10:12 67 --a------ C:\WINDOWS\Water Desktop.INI
2008-03-30 14:15 . 2008-03-31 14:16 1,421,090 ---hs---- C:\WINDOWS\system32\varqtqgp.ini
2008-03-30 13:14 . 2008-03-30 14:09 1,408,723 ---hs---- C:\WINDOWS\system32\vteocdeu.ini
2008-03-29 13:13 . 2008-03-30 13:14 1,408,601 ---hs---- C:\WINDOWS\system32\fwfwmwvo.ini
2008-03-28 13:09 . 2008-03-29 13:09 1,423,527 ---hs---- C:\WINDOWS\system32\uaotucis.ini
2008-03-27 22:17 . 2008-03-27 22:17 <DIR> d-------- C:\Documents and Settings\Shadow Hunter\Application Data\dvdcss
2008-03-27 20:15 . 2008-03-27 20:15 <DIR> d-------- C:\Program Files\ImTOO
2008-03-27 20:15 . 2005-11-21 07:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-27 20:15 . 2005-11-21 07:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-27 13:07 . 2008-03-28 13:08 1,513,803 ---hs---- C:\WINDOWS\system32\mpfcxtag.ini
2008-03-25 12:05 . 2008-03-27 12:07 1,583,379 ---hs---- C:\WINDOWS\system32\doehuetl.ini
2008-03-24 13:36 . 2008-04-05 10:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-24 10:48 . 2008-03-25 00:36 1,472,785 ---hs---- C:\WINDOWS\system32\doqvxdav.ini
2008-03-23 20:46 . 2008-03-23 20:46 <DIR> d-------- C:\WINDOWS\speech
2008-03-23 20:46 . 2008-03-23 20:46 <DIR> d-------- C:\Program Files\Mini recnik
2008-03-23 10:50 . 2008-03-24 05:58 1,471,662 ---hs---- C:\WINDOWS\system32\ugdjwait.ini
2008-03-22 16:48 . 2008-03-23 08:38 1,471,062 ---hs---- C:\WINDOWS\system32\hksesxqv.ini
2008-03-20 11:21 . 2008-03-20 11:21 <DIR> d-------- C:\Program Files\JoWood
2008-03-20 02:24 . 2008-03-22 16:47 1,542,779 ---hs---- C:\WINDOWS\system32\moykpspo.ini
2008-03-19 01:22 . 2008-03-20 01:31 1,544,371 ---hs---- C:\WINDOWS\system32\nxhomtst.ini
2008-03-19 01:19 . 2008-04-13 10:54 176,140 --a------ C:\WINDOWS\system32\vvvwa.ini.ren
2008-03-19 01:19 . 2008-04-13 10:52 174,158 --a------ C:\WINDOWS\system32\vvvwa.ini2.ren
2008-03-19 01:19 . 2008-04-17 08:29 101,155 --a------ C:\WINDOWS\BM47868ee6.xml
2008-03-18 22:23 . 2008-03-18 12:02 2,359,350 --a------ C:\WINDOWS\FrameShow Wallpaper.BMP
2008-03-18 21:53 . 2008-03-18 21:53 <DIR> d-------- C:\Program Files\ESET
2008-03-18 17:59 . 2008-03-18 17:59 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 17:56 . 2008-03-18 17:56 74,334 --a------ C:\WINDOWS\system32\akqbodvo.dll
2008-03-18 17:55 . 2008-03-31 14:11 <DIR> d-------- C:\Program Files\World of Warcraft
2008-03-18 17:53 . 2008-03-18 17:53 92,736 --a------ C:\WINDOWS\system32\pfjolbta.dll.vir
2008-03-18 17:50 . 2008-03-18 17:50 1,354,920 --ahs---- C:\WINDOWS\system32\sfnrmhrj.ini
2008-03-18 11:56 . 2008-03-18 11:56 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft
2008-03-17 17:49 . 2008-03-18 17:50 1,522,193 --ahs---- C:\WINDOWS\system32\vjrkfaaj.ini
2008-03-17 15:56 . 2008-03-17 15:56 <DIR> d-------- C:\Program Files\DVD Shrink
2008-03-17 15:56 . 2008-03-17 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 06:44 --------- d-----w C:\Program Files\FlashGet
2008-04-17 06:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 08:07 --------- d-----w C:\Program Files\Trojan Remover
2008-04-14 22:09 --------- d-----w C:\Program Files\Fraps
2008-04-13 13:25 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-04-13 12:03 --------- d-----w C:\Program Files\PowerISO
2008-04-05 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 09:13 --------- d-----w C:\Program Files\Sega
2008-03-31 06:44 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Vso
2008-03-20 16:54 --------- d-----w C:\Program Files\Bit Che
2008-03-20 16:53 --------- d-----w C:\Program Files\Master of Defense
2008-03-20 16:44 --------- d-----w C:\Program Files\ArtMoney
2008-03-18 20:28 --------- d-----w C:\Program Files\YouTube Downloader
2008-03-16 15:40 54,882 ----a-w C:\WINDOWS\kjo23bk.dll
2008-03-16 15:40 42,496 ----a-w C:\WINDOWS\system32\wvussqn.dll
2008-03-16 15:39 58,368 ----a-w C:\axmfr.exe.vir
2008-03-16 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-16 09:08 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Simply Super Software
2008-03-12 22:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 22:23 --------- d-----w C:\Program Files\Bonjour
2008-03-12 22:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-12 18:46 --------- d-----w C:\Program Files\AmitySource
2008-03-11 13:06 --------- d-----w C:\Program Files\Azgard Defence
2008-03-06 13:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 15:01 4,608 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-03-01 21:56 --------- d-----w C:\Program Files\Windows Live
2008-02-29 18:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 18:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 13:32 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-28 12:35 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Skype
2008-02-28 12:30 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\skypePM
2008-02-27 20:52 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-02-26 21:14 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Imperium Romanum
2008-02-26 21:11 --------- d-----w C:\Program Files\Kalypso
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-13 17:24 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-13 17:24 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-07 18:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-04 16:34 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-02 18:07 457 ----a-w C:\d_v_t.reg
2008-02-02 18:07 3,584 ----a-w C:\dvt.exe
2008-02-01 17:26 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-01-29 08:03 87,608 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\inst.exe
2008-01-29 08:03 47,360 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\pcouffin.sys
2008-01-16 17:00 22,328 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\PnkBstrK.sys
2008-01-08 16:10 151,552 ----a-w C:\WINDOWS\Media\csrss.exe
2007-11-15 13:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}]
2008-03-16 17:40 42496 --a------ C:\WINDOWS\system32\wvussqn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
"IE7-11"="advpack.dll" [2007-03-21 12:11 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Shadow Hunter\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 19:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe [2007-12-08 03:05:29 1318912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}"= C:\WINDOWS\system32\wvussqn.dll [2008-03-16 17:40 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussqn]
wvussqn.dll 2008-03-16 17:40 42496 C:\WINDOWS\system32\wvussqn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47868ee6]
C:\WINDOWS\system32\xmoqbgpn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 17:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 2007-11-02 15:18 524368 C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2003-02-25 11:38]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
R1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll [2008-03-16 17:40]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
S3 Droppix Service;Droppix Service;"C:\Program Files\Common Files\Droppix\DxService.exe" [2007-09-28 16:31]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa65853-c1cf-11dc-bcfd-0019dbd04196}]
\Shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 15:17:42 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 08:44:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvussqn.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ddcyy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-17 8:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 06:49:21

Pre-Run: 50,573,672,448 bytes free
Post-Run: 52,082,614,272 bytes free

Addendum: 17 Apr 2008 11:56

Download VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click to start the file VundoFix.exe.
* Choose the option Scan for Vundo.
* After the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the option Fix Vundo.
* When prompted about removing the Vundo files, click Yes.
* Running this option will temporarily make the Desktop blank in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer will appear; click OK.
* Turn the computer on and boot the system again.
* Copy the contents of the log from the path C:\vundofix.txt and a new HijackThis log into a message on the forum.

  • KPCTA  Male
  • New MyCity citizen
  • Joined: 17 Apr 2008
  • Posts: 7

VundoFix V7.0.3

Scan started at 13:42:31 13.4.2008

Listing files found while scanning....

C:\Program Files\PowerISO\PWRISOSH.DLL
C:\WINDOWS\system32\afbiasjm.dll
C:\windows\system32\awvvv.dll
C:\WINDOWS\system32\fdqorxlu.dll
C:\WINDOWS\system32\kicmtdxt.dll
C:\WINDOWS\system32\ulxroqdf.ini
C:\windows\system32\vvvwa.ini
C:\windows\system32\vvvwa.ini2

Beginning removal...

Attempting to delete C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL Has been deleted!

Attempting to delete C:\WINDOWS\system32\afbiasjm.dll
C:\WINDOWS\system32\afbiasjm.dll Has been deleted!

Attempting to delete C:\windows\system32\awvvv.dll
C:\windows\system32\awvvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fdqorxlu.dll
C:\WINDOWS\system32\fdqorxlu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kicmtdxt.dll
C:\WINDOWS\system32\kicmtdxt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ulxroqdf.ini
C:\WINDOWS\system32\ulxroqdf.ini Has been deleted!

Attempting to delete C:\windows\system32\vvvwa.ini
C:\windows\system32\vvvwa.ini Has been deleted!

Attempting to delete C:\windows\system32\vvvwa.ini2
C:\windows\system32\vvvwa.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.3

Scan started at 14:15:13 13.4.2008

Listing files found while scanning....

C:\windows\system32\geebx.dll
C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini2

Beginning removal...

Attempting to delete C:\windows\system32\geebx.dll
C:\windows\system32\geebx.dll Has been deleted!

Attempting to delete C:\windows\system32\xbeeg.ini
C:\windows\system32\xbeeg.ini Has been deleted!

Attempting to delete C:\windows\system32\xbeeg.ini2
C:\windows\system32\xbeeg.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.3

Scan started at 15:18:17 13.4.2008

Listing files found while scanning....

C:\windows\system32\ststv.ini
C:\windows\system32\ststv.ini2
C:\windows\system32\vtsts.dll

VundoFix V7.0.3

Scan started at 8:10:15 15.4.2008

Listing files found while scanning....

C:\windows\system32\ststv.ini
C:\windows\system32\ststv.ini2
C:\windows\system32\vtsts.dll

VundoFix V7.0.3

Scan started at 8:39:39 16.4.2008

Listing files found while scanning....

C:\windows\system32\ststv.ini
C:\windows\system32\ststv.ini2
C:\windows\system32\vtsts.dll

Beginning removal...

Attempting to delete C:\windows\system32\ststv.ini
C:\windows\system32\ststv.ini Has been deleted!

Attempting to delete C:\windows\system32\ststv.ini2
C:\windows\system32\ststv.ini2 Has been deleted!

Attempting to delete C:\windows\system32\vtsts.dll
C:\windows\system32\vtsts.dll Has been deleted!

Performing Repairs to the registry.
Done!

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

helen1 is unable to continue due to other commitments. I will take over from here.

I see that quite a lot has been deleted.. I'm not sure whether anything else is still left over. Post fresh ComboFix and HijackThis logs in your next message and I'll tell you exactly what to do next.

  • KPCTA  Male
  • New MyCity citizen
  • Joined: 17 Apr 2008
  • Posts: 7

ComboFix 08-04-16.5 - Shadow Hunter 2008-04-18 9:00:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1537 [GMT 2:00]
Running from: C:\Documents and Settings\Shadow Hunter\Desktop\Download\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\ehwcqqsk.dll
C:\WINDOWS\system32\httfbson.dll
C:\WINDOWS\system32\ksqqcwhe.ini
C:\WINDOWS\system32\nosbftth.ini
C:\WINDOWS\system32\sicwwbnj.dll
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-16 12:10 . 2008-04-16 12:15 1,569,982 --a------ C:\WINDOWS\system32\gembljjk.ini.ren
2008-04-16 12:10 . 2008-04-16 12:10 83,008 --a------ C:\WINDOWS\system32\kjjlbmeg.dll.ren
2008-04-16 10:06 . 2008-04-16 10:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-16 08:50 . 2008-04-17 07:48 214,591 --a------ C:\WINDOWS\system32\rrqss.ini2.ren
2008-04-16 08:50 . 2008-04-17 07:49 214,591 --a------ C:\WINDOWS\system32\rrqss.ini.ren
2008-04-16 08:40 . 2008-04-16 09:57 1,602,641 --a------ C:\WINDOWS\system32\srngstku.ini.ren
2008-04-16 08:39 . 2008-04-16 08:40 86,080 --a------ C:\WINDOWS\system32\uktsgnrs.dll.ren
2008-04-16 08:33 . 2008-04-16 08:33 1,602,579 ---hs---- C:\WINDOWS\system32\ukpuvvpf.ini
2008-04-16 08:33 . 2008-04-16 08:33 86,080 --a------ C:\WINDOWS\system32\fpvvupku.dll.ren
2008-04-15 23:56 . 2008-04-16 08:20 778,398 --a------ C:\WINDOWS\system32\gytgxvnx.ini.ren
2008-04-15 23:56 . 2008-04-15 23:56 86,080 --a------ C:\WINDOWS\system32\xnvxgtyg.dll.ren
2008-04-14 20:52 . 2008-04-14 20:52 708,505 --a------ C:\WINDOWS\system32\mtvmynkd.ini.ren
2008-04-14 20:52 . 2008-04-14 20:52 85,056 --a------ C:\WINDOWS\system32\dknymvtm.dll.ren
2008-04-14 15:15 . 2008-04-14 15:15 85,056 --a------ C:\WINDOWS\system32\pgeyoawm.dll.ren
2008-04-13 15:06 . 2008-04-16 08:35 168,141 --ahs---- C:\WINDOWS\system32\ststv.ini.ren
2008-04-13 15:06 . 2008-04-16 08:33 168,026 --a------ C:\WINDOWS\system32\ststv.ini2.ren
2008-04-13 14:30 . 2008-04-13 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 14:12 . 2008-04-13 14:36 708,603 --a------ C:\WINDOWS\system32\mejdmjxc.ini.ren
2008-04-13 13:42 . 2008-04-18 08:59 <DIR> d-------- C:\VundoFix Backups
2008-04-13 10:23 . 2008-04-13 10:23 708,374 --a------ C:\WINDOWS\system32\psqawxgr.ini.ren
2008-04-12 22:07 . 2008-04-12 23:19 845,875 --a------ C:\WINDOWS\system32\fbakuhpa.ini.ren
2008-04-12 22:07 . 2008-04-12 22:07 86,592 --a------ C:\WINDOWS\system32\aphukabf.dll.ren
2008-04-12 09:58 . 2008-04-12 09:58 54,882 --a------ C:\WINDOWS\kjo23bk.dll.vir
2008-04-04 20:43 . 2008-04-05 20:15 414 ---hs---- C:\WINDOWS\system32\lokelibo.ini
2008-04-03 20:44 . 2008-04-04 19:13 2,916,326 ---hs---- C:\WINDOWS\system32\hwbmerxw.ini
2008-04-03 16:19 . 2008-04-03 19:38 2,927,688 ---hs---- C:\WINDOWS\system32\debolwpl.ini
2008-04-02 16:18 . 2008-04-03 14:34 3,016,887 ---hs---- C:\WINDOWS\system32\vfxwqpjr.ini
2008-04-01 16:18 . 2008-04-02 07:48 1,419,930 ---hs---- C:\WINDOWS\system32\vfstodtr.ini
2008-03-31 16:17 . 2008-04-01 13:48 1,419,750 ---hs---- C:\WINDOWS\system32\iyfctevv.ini
2008-03-31 14:16 . 2008-03-31 15:12 1,419,608 ---hs---- C:\WINDOWS\system32\drgymhey.ini
2008-03-31 10:07 . 2008-03-31 10:07 <DIR> d-------- C:\Program Files\Water Desktop
2008-03-31 10:07 . 2005-08-26 22:03 32,768 --a------ C:\WINDOWS\system32\Menu.dll
2008-03-31 10:07 . 2008-03-31 10:12 67 --a------ C:\WINDOWS\Water Desktop.INI
2008-03-30 14:15 . 2008-03-31 14:16 1,421,090 ---hs---- C:\WINDOWS\system32\varqtqgp.ini
2008-03-30 13:14 . 2008-03-30 14:09 1,408,723 ---hs---- C:\WINDOWS\system32\vteocdeu.ini
2008-03-29 13:13 . 2008-03-30 13:14 1,408,601 ---hs---- C:\WINDOWS\system32\fwfwmwvo.ini
2008-03-28 13:09 . 2008-03-29 13:09 1,423,527 ---hs---- C:\WINDOWS\system32\uaotucis.ini
2008-03-27 22:17 . 2008-03-27 22:17 <DIR> d-------- C:\Documents and Settings\Shadow Hunter\Application Data\dvdcss
2008-03-27 20:15 . 2008-03-27 20:15 <DIR> d-------- C:\Program Files\ImTOO
2008-03-27 20:15 . 2005-11-21 07:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-27 20:15 . 2005-11-21 07:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-27 13:07 . 2008-03-28 13:08 1,513,803 ---hs---- C:\WINDOWS\system32\mpfcxtag.ini
2008-03-25 12:05 . 2008-03-27 12:07 1,583,379 ---hs---- C:\WINDOWS\system32\doehuetl.ini
2008-03-24 13:36 . 2008-04-05 10:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-24 10:48 . 2008-03-25 00:36 1,472,785 ---hs---- C:\WINDOWS\system32\doqvxdav.ini
2008-03-23 20:46 . 2008-03-23 20:46 <DIR> d-------- C:\WINDOWS\speech
2008-03-23 20:46 . 2008-03-23 20:46 <DIR> d-------- C:\Program Files\Mini recnik
2008-03-23 10:50 . 2008-03-24 05:58 1,471,662 ---hs---- C:\WINDOWS\system32\ugdjwait.ini
2008-03-22 16:48 . 2008-03-23 08:38 1,471,062 ---hs---- C:\WINDOWS\system32\hksesxqv.ini
2008-03-20 11:21 . 2008-03-20 11:21 <DIR> d-------- C:\Program Files\JoWood
2008-03-20 02:24 . 2008-03-22 16:47 1,542,779 ---hs---- C:\WINDOWS\system32\moykpspo.ini
2008-03-19 01:22 . 2008-03-20 01:31 1,544,371 ---hs---- C:\WINDOWS\system32\nxhomtst.ini
2008-03-19 01:19 . 2008-04-13 10:54 176,140 --a------ C:\WINDOWS\system32\vvvwa.ini.ren
2008-03-19 01:19 . 2008-04-13 10:52 174,158 --a------ C:\WINDOWS\system32\vvvwa.ini2.ren
2008-03-19 01:19 . 2008-04-18 08:53 101,091 --a------ C:\WINDOWS\BM47868ee6.xml
2008-03-18 22:23 . 2008-03-18 12:02 2,359,350 --a------ C:\WINDOWS\FrameShow Wallpaper.BMP
2008-03-18 21:53 . 2008-03-18 21:53 <DIR> d-------- C:\Program Files\ESET
2008-03-18 17:59 . 2008-03-18 17:59 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 17:56 . 2008-03-18 17:56 74,334 --a------ C:\WINDOWS\system32\akqbodvo.dll
2008-03-18 17:55 . 2008-03-31 14:11 <DIR> d-------- C:\Program Files\World of Warcraft
2008-03-18 17:53 . 2008-03-18 17:53 92,736 --a------ C:\WINDOWS\system32\pfjolbta.dll.vir
2008-03-18 17:50 . 2008-03-18 17:50 1,354,920 --ahs---- C:\WINDOWS\system32\sfnrmhrj.ini
2008-03-18 11:56 . 2008-03-18 11:56 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 07:06 --------- d-----w C:\Program Files\FlashGet
2008-04-17 07:02 --------- d-----w C:\Program Files\Trojan Remover
2008-04-17 07:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 22:09 --------- d-----w C:\Program Files\Fraps
2008-04-13 13:25 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-04-13 12:03 --------- d-----w C:\Program Files\PowerISO
2008-04-05 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 09:13 --------- d-----w C:\Program Files\Sega
2008-03-31 06:44 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Vso
2008-03-20 16:54 --------- d-----w C:\Program Files\Bit Che
2008-03-20 16:53 --------- d-----w C:\Program Files\Master of Defense
2008-03-20 16:44 --------- d-----w C:\Program Files\ArtMoney
2008-03-18 20:28 --------- d-----w C:\Program Files\YouTube Downloader
2008-03-17 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-17 13:56 --------- d-----w C:\Program Files\DVD Shrink
2008-03-16 15:40 54,882 ----a-w C:\WINDOWS\kjo23bk.dll
2008-03-16 15:40 42,496 ----a-w C:\WINDOWS\system32\wvussqn.dll
2008-03-16 15:39 58,368 ----a-w C:\axmfr.exe.vir
2008-03-16 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-16 09:08 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Simply Super Software
2008-03-12 22:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 22:23 --------- d-----w C:\Program Files\Bonjour
2008-03-12 22:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-12 18:46 --------- d-----w C:\Program Files\AmitySource
2008-03-11 13:06 --------- d-----w C:\Program Files\Azgard Defence
2008-03-06 13:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 15:01 4,608 ----a-w C:\WINDOWS\system32\BReWErS.dll
2008-03-01 21:56 --------- d-----w C:\Program Files\Windows Live
2008-02-29 18:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 18:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 13:32 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-28 12:35 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Skype
2008-02-28 12:30 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\skypePM
2008-02-27 20:52 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-02-26 21:14 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Imperium Romanum
2008-02-26 21:11 --------- d-----w C:\Program Files\Kalypso
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-13 17:24 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-13 17:24 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-07 18:12 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-04 16:34 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-02 18:07 457 ----a-w C:\d_v_t.reg
2008-02-02 18:07 3,584 ----a-w C:\dvt.exe
2008-02-01 17:26 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-01-29 08:03 87,608 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\inst.exe
2008-01-29 08:03 47,360 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\pcouffin.sys
2008-01-16 17:00 22,328 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\PnkBstrK.sys
2008-01-08 16:10 151,552 ----a-w C:\WINDOWS\Media\csrss.exe
2007-11-15 13:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_ 8.48.39.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 06:43:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 07:07:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}]
2008-03-16 17:40 42496 --a------ C:\WINDOWS\system32\wvussqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3F1800A-2DC7-4543-931F-9F5163828D57}]
2008-04-18 09:13 272896 --a------ C:\WINDOWS\system32\sstqq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []
"IE7-11"="advpack.dll" [2007-03-21 12:11 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Shadow Hunter\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 19:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe [2007-12-08 03:05:29 1318912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}"= C:\WINDOWS\system32\wvussqn.dll [2008-03-16 17:40 42496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussqn]
wvussqn.dll 2008-03-16 17:40 42496 C:\WINDOWS\system32\wvussqn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\sstqq

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47868ee6]
C:\WINDOWS\system32\xmoqbgpn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 17:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2003-02-25 11:38]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
R1 kjo23bk;kjo23bk;C:\WINDOWS\kjo23bk.dll [2008-03-16 17:40]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
S3 Droppix Service;Droppix Service;"C:\Program Files\Common Files\Droppix\DxService.exe" [2007-09-28 16:31]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa65853-c1cf-11dc-bcfd-0019dbd04196}]
\Shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 15:17:42 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-18 09:08:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wvussqn.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\wabvwrjg.dll
-> C:\WINDOWS\system32\sstqq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-04-18 9:15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 07:14:39

Pre-Run: 50,652,299,264 bytes free
Post-Run: 50,687,381,504 bytes free

Addendum: 18 Apr 2008 9:23

Logfile of HijackThis v1.99.1
Scan saved at 8:58:59, on 18.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Shadow Hunter\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A52B11B0-E69C-4D4E-A368-F52F7E53D3B8} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} - C:\WINDOWS\system32\wvussqn.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM47868ee6] Rundll32.exe "C:\WINDOWS\system32\sicwwbnj.dll",s
O4 - HKLM\..\Run: [44b5bd7a] rundll32.exe "C:\WINDOWS\system32\httfbson.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: FlashGet.lnk = C:\Program Files\FlashGet\flashget.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D596BA87-1A40-4ED2-838A-059E3CE84F6C}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: wvussqn - C:\WINDOWS\SYSTEM32\wvussqn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - (no file)
O23 - Service: avast! Web Scanner - Unknown owner - (no file)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Nero AG - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\gembljjk.ini.ren
C:\WINDOWS\system32\kjjlbmeg.dll.ren
C:\WINDOWS\system32\rrqss.ini2.ren
C:\WINDOWS\system32\rrqss.ini.ren
C:\WINDOWS\system32\srngstku.ini.ren
C:\WINDOWS\system32\uktsgnrs.dll.ren
C:\WINDOWS\system32\ukpuvvpf.ini
C:\WINDOWS\system32\fpvvupku.dll.ren
C:\WINDOWS\system32\gytgxvnx.ini.ren
C:\WINDOWS\system32\xnvxgtyg.dll.ren
C:\WINDOWS\system32\mtvmynkd.ini.ren
C:\WINDOWS\system32\dknymvtm.dll.ren
C:\WINDOWS\system32\pgeyoawm.dll.ren
C:\WINDOWS\system32\ststv.ini.ren
C:\WINDOWS\system32\ststv.ini2.ren
C:\WINDOWS\system32\mejdmjxc.ini.ren
C:\WINDOWS\system32\psqawxgr.ini.ren
C:\WINDOWS\system32\fbakuhpa.ini.ren
C:\WINDOWS\system32\aphukabf.dll.ren
C:\WINDOWS\kjo23bk.dll.vir
C:\WINDOWS\system32\lokelibo.ini
C:\WINDOWS\system32\hwbmerxw.ini
C:\WINDOWS\system32\debolwpl.ini
C:\WINDOWS\system32\vfxwqpjr.ini
C:\WINDOWS\system32\vfstodtr.ini
C:\WINDOWS\system32\iyfctevv.ini
C:\WINDOWS\system32\drgymhey.ini
C:\WINDOWS\system32\varqtqgp.ini
C:\WINDOWS\system32\vteocdeu.ini
C:\WINDOWS\system32\fwfwmwvo.ini
C:\WINDOWS\system32\uaotucis.ini
C:\WINDOWS\system32\mpfcxtag.ini
C:\WINDOWS\system32\doehuetl.ini
C:\WINDOWS\system32\doqvxdav.ini
C:\WINDOWS\system32\ugdjwait.ini
C:\WINDOWS\system32\hksesxqv.ini
C:\WINDOWS\system32\moykpspo.ini
C:\WINDOWS\system32\nxhomtst.ini
C:\WINDOWS\system32\vvvwa.ini.ren
C:\WINDOWS\system32\vvvwa.ini2.ren
C:\WINDOWS\system32\akqbodvo.dll
C:\WINDOWS\system32\pfjolbta.dll.vir
C:\WINDOWS\system32\sfnrmhrj.ini
C:\WINDOWS\kjo23bk.dll
C:\WINDOWS\system32\wvussqn.dll
C:\axmfr.exe.vir
C:\WINDOWS\system32\BReWErS.dll
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\d_v_t.reg
C:\dvt.exe
C:\Documents and Settings\Shadow Hunter\Application Data\inst.exe
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\wvussqn.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\BM47868ee6.xml
C:\WINDOWS\system32\wabvwrjg.dll

Driver::
kjo23bk
 
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3F1800A-2DC7-4543-931F-9F5163828D57}]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvussqn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47868ee6]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{caa65853-c1cf-11dc-bcfd-0019dbd04196}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
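As an added example (not part of this thread, and not code from ComboFix, HijackThis or VundoFix), the script below shows how the triage behind a post like the one above can be done mechanically: it reads HijackThis-style O2/O4/O20 lines, flags the three loading-point shapes that recur in the logs posted here (a BHO with "(no name)" loaded from system32, a Run entry where rundll32.exe loads a quoted system32 DLL and calls a one-letter export, and a Winlogon Notify DLL in system32), and drafts the File:: and Registry:: sections of a CFScript in the layout DEMIAN used. The sample log lines, the regexes and the heuristics are constructed for this illustration; the Run-value removal lines copy the `"value"=-` pattern from the post, and it is an assumption that ComboFix accepts them for the Run keys.

```python
"""Triage HijackThis-style log lines for Vundo/Virtumonde loading points and
draft a CFScript from the hits.

Added example for this thread; the entry shapes mirror the posted logs, while
the sample lines, regexes and heuristics are constructed for illustration.
"""
import re
from typing import Dict, List

# Constructed sample in HijackThis v1.99 format: legitimate entries mixed with
# the Vundo-style ones seen in the thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {A52B11B0-E69C-4D4E-A368-F52F7E53D3B8} - C:\\WINDOWS\\system32\\ddcyy.dll
O2 - BHO: (no name) - {B1DEEA6A-74DA-44F9-82A9-6BF7B1211D5D} - C:\\WINDOWS\\system32\\wvussqn.dll
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [BM47868ee6] Rundll32.exe "C:\\WINDOWS\\system32\\sicwwbnj.dll",s
O4 - HKLM\\..\\Run: [44b5bd7a] rundll32.exe "C:\\WINDOWS\\system32\\httfbson.dll",b
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O20 - Winlogon Notify: wvussqn - C:\\WINDOWS\\SYSTEM32\\wvussqn.dll
"""

# Line shapes handled here (HijackThis has many more sections than these).
_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
# rundll32 loading a quoted system32 DLL and calling a one-letter export: the
# shape of the two Vundo "Run" entries in the posted log.
_RUNDLL_ONE_LETTER = re.compile(
    r'^rundll32\.exe\s+"(?P<dll>[^"]*\\system32\\[^"\\]+\.dll)",[A-Za-z]$', re.IGNORECASE)

HIVE_NAMES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def _in_system32(path: str) -> bool:
    return "\\system32\\" in path.lower()


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Turn O2/O4/O20 lines into dicts; other lines are ignored."""
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _O2.match(line):
            entries.append({"kind": "O2", "name": m["name"], "clsid": m["clsid"], "path": m["path"]})
        elif m := _O4.match(line):
            entries.append({"kind": "O4", "hive": m["hive"], "value": m["value"], "cmd": m["cmd"]})
        elif m := _O20.match(line):
            entries.append({"kind": "O20", "name": m["name"], "path": m["path"]})
    return entries


def flag_entries(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply the narrow heuristics; every hit carries a 'path' and a 'reason'."""
    flagged: List[Dict[str, str]] = []
    for e in entries:
        if e["kind"] == "O2" and e["name"] == "(no name)" and _in_system32(e["path"]):
            flagged.append({**e, "reason": "unnamed BHO loaded from system32"})
        elif e["kind"] == "O4":
            if m := _RUNDLL_ONE_LETTER.match(e["cmd"]):
                flagged.append({**e, "path": m["dll"],
                                "reason": "rundll32 Run entry calling a one-letter export"})
        elif e["kind"] == "O20" and _in_system32(e["path"]):
            flagged.append({**e, "reason": "Winlogon Notify DLL in system32, verify against a known-good list"})
    return flagged


def build_cfscript(flagged: List[Dict[str, str]]) -> str:
    """Draft File:: and Registry:: sections in the layout of the post above.
    File paths are de-duplicated case-insensitively (wvussqn appears twice)."""
    files: List[str] = []
    seen = set()
    reg_lines: List[str] = []
    run_values: Dict[str, List[str]] = {}
    for f in flagged:
        if f["path"].lower() not in seen:
            seen.add(f["path"].lower())
            files.append(f["path"])
        if f["kind"] == "O2":
            reg_lines.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{f['clsid']}]")
        elif f["kind"] == "O20":
            reg_lines.append(
                f"[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\{f['name']}]")
        elif f["kind"] == "O4":
            run_values.setdefault(f["hive"], []).append(f["value"])
    # "value"=- follows the ShowDeskFix line in the post; acceptance for Run keys is assumed.
    for hive, values in run_values.items():
        reg_lines.append(f"[{HIVE_NAMES[hive]}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        reg_lines.extend(f'"{v}"=-' for v in values)
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(reg_lines) + "\n"


if __name__ == "__main__":
    hits = flag_entries(parse_hjt(SAMPLE_LOG))
    for h in hits:
        print(f"{h['kind']:<4} {h['path']}  <- {h['reason']}")
    print()
    print(build_cfscript(hits))
```

The heuristics are deliberately narrow, so the draft is a starting point for a human reviewer rather than a finished script: anything it flags should be checked by hand before it goes into a File:: section, since a legitimately installed DLL that happens to match would be deleted along with the rest.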

  • KPCTA  Male
  • New MyCity citizen
  • Joined: 17 Apr 2008
  • Posts: 7

ComboFix 08-04-16.5 - Shadow Hunter 2008-04-18 16:45:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1423 [GMT 2:00]
Running from: C:\Documents and Settings\Shadow Hunter\Desktop\Download\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shadow Hunter\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\axmfr.exe.vir
C:\d_v_t.reg
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\Documents and Settings\Shadow Hunter\Application Data\inst.exe
C:\dvt.exe
C:\WINDOWS\BM47868ee6.xml
C:\WINDOWS\kjo23bk.dll
C:\WINDOWS\kjo23bk.dll.vir
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\system32\akqbodvo.dll
C:\WINDOWS\system32\aphukabf.dll.ren
C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\debolwpl.ini
C:\WINDOWS\system32\dknymvtm.dll.ren
C:\WINDOWS\system32\doehuetl.ini
C:\WINDOWS\system32\doqvxdav.ini
C:\WINDOWS\system32\drgymhey.ini
C:\WINDOWS\system32\fbakuhpa.ini.ren
C:\WINDOWS\system32\fpvvupku.dll.ren
C:\WINDOWS\system32\fwfwmwvo.ini
C:\WINDOWS\system32\gembljjk.ini.ren
C:\WINDOWS\system32\gytgxvnx.ini.ren
C:\WINDOWS\system32\hksesxqv.ini
C:\WINDOWS\system32\hwbmerxw.ini
C:\WINDOWS\system32\iyfctevv.ini
C:\WINDOWS\system32\kjjlbmeg.dll.ren
C:\WINDOWS\system32\lokelibo.ini
C:\WINDOWS\system32\mejdmjxc.ini.ren
C:\WINDOWS\system32\moykpspo.ini
C:\WINDOWS\system32\mpfcxtag.ini
C:\WINDOWS\system32\mtvmynkd.ini.ren
C:\WINDOWS\system32\nxhomtst.ini
C:\WINDOWS\system32\pfjolbta.dll.vir
C:\WINDOWS\system32\pgeyoawm.dll.ren
C:\WINDOWS\system32\psqawxgr.ini.ren
C:\WINDOWS\system32\rrqss.ini.ren
C:\WINDOWS\system32\rrqss.ini2.ren
C:\WINDOWS\system32\sfnrmhrj.ini
C:\WINDOWS\system32\srngstku.ini.ren
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\ststv.ini.ren
C:\WINDOWS\system32\ststv.ini2.ren
C:\WINDOWS\system32\uaotucis.ini
C:\WINDOWS\system32\ugdjwait.ini
C:\WINDOWS\system32\ukpuvvpf.ini
C:\WINDOWS\system32\uktsgnrs.dll.ren
C:\WINDOWS\system32\varqtqgp.ini
C:\WINDOWS\system32\vfstodtr.ini
C:\WINDOWS\system32\vfxwqpjr.ini
C:\WINDOWS\system32\vteocdeu.ini
C:\WINDOWS\system32\vvvwa.ini.ren
C:\WINDOWS\system32\vvvwa.ini2.ren
C:\WINDOWS\system32\wabvwrjg.dll
C:\WINDOWS\system32\wvussqn.dll
C:\WINDOWS\system32\xnvxgtyg.dll.ren
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\axmfr.exe.vir
C:\d_v_t.reg
C:\Documents and Settings\All Users\Application Data\ezsid.dat
C:\Documents and Settings\Shadow Hunter\Application Data\inst.exe
C:\dvt.exe
C:\WINDOWS\BM47868ee6.xml
C:\WINDOWS\kjo23bk.dll
C:\WINDOWS\kjo23bk.dll.vir
C:\WINDOWS\Media\csrss.exe
C:\WINDOWS\system32\akqbodvo.dll
C:\WINDOWS\system32\aphukabf.dll.ren
C:\WINDOWS\system32\BReWErS.dll
C:\WINDOWS\system32\debolwpl.ini
C:\WINDOWS\system32\dknymvtm.dll.ren
C:\WINDOWS\system32\doehuetl.ini
C:\WINDOWS\system32\doqvxdav.ini
C:\WINDOWS\system32\drgymhey.ini
C:\WINDOWS\system32\fbakuhpa.ini.ren
C:\WINDOWS\system32\fpvvupku.dll.ren
C:\WINDOWS\system32\fwfwmwvo.ini
C:\WINDOWS\system32\gembljjk.ini.ren
C:\WINDOWS\system32\gytgxvnx.ini.ren
C:\WINDOWS\system32\hksesxqv.ini
C:\WINDOWS\system32\hwbmerxw.ini
C:\WINDOWS\system32\iyfctevv.ini
C:\WINDOWS\system32\kjjlbmeg.dll.ren
C:\WINDOWS\system32\lokelibo.ini
C:\WINDOWS\system32\mejdmjxc.ini.ren
C:\WINDOWS\system32\moykpspo.ini
C:\WINDOWS\system32\mpfcxtag.ini
C:\WINDOWS\system32\mtvmynkd.ini.ren
C:\WINDOWS\system32\nxhomtst.ini
C:\WINDOWS\system32\pfjolbta.dll.vir
C:\WINDOWS\system32\pgeyoawm.dll.ren
C:\WINDOWS\system32\psqawxgr.ini.ren
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\rrqss.ini.ren
C:\WINDOWS\system32\rrqss.ini2.ren
C:\WINDOWS\system32\sfnrmhrj.ini
C:\WINDOWS\system32\srngstku.ini.ren
C:\WINDOWS\system32\sstqq.dll
C:\WINDOWS\system32\ststv.ini.ren
C:\WINDOWS\system32\ststv.ini2.ren
C:\WINDOWS\system32\uaotucis.ini
C:\WINDOWS\system32\ugdjwait.ini
C:\WINDOWS\system32\ukpuvvpf.ini
C:\WINDOWS\system32\uktsgnrs.dll.ren
C:\WINDOWS\system32\varqtqgp.ini
C:\WINDOWS\system32\vfstodtr.ini
C:\WINDOWS\system32\vfxwqpjr.ini
C:\WINDOWS\system32\vteocdeu.ini
C:\WINDOWS\system32\vvvwa.ini.ren
C:\WINDOWS\system32\vvvwa.ini2.ren
C:\WINDOWS\system32\wabvwrjg.dll
C:\WINDOWS\system32\wvussqn.dll
C:\WINDOWS\system32\xnvxgtyg.dll.ren

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KJO23BK
-------\Service_kjo23bk


((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 09:14 . 2008-04-18 16:45 1,529,260 --ahs---- C:\WINDOWS\system32\gjrwvbaw.ini
2008-04-16 10:06 . 2008-04-16 10:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-13 14:30 . 2008-04-13 14:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-13 13:42 . 2008-04-18 08:59 <DIR> d-------- C:\VundoFix Backups
2008-03-31 10:07 . 2008-03-31 10:07 <DIR> d-------- C:\Program Files\Water Desktop
2008-03-31 10:07 . 2005-08-26 22:03 32,768 --a------ C:\WINDOWS\system32\Menu.dll
2008-03-31 10:07 . 2008-03-31 10:12 67 --a------ C:\WINDOWS\Water Desktop.INI
2008-03-27 22:17 . 2008-03-27 22:17 <DIR> d-------- C:\Documents and Settings\Shadow Hunter\Application Data\dvdcss
2008-03-27 20:15 . 2008-03-27 20:15 <DIR> d-------- C:\Program Files\ImTOO
2008-03-27 20:15 . 2005-11-21 07:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-03-27 20:15 . 2005-11-21 07:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-03-24 13:36 . 2008-04-05 10:43 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-23 20:46 . 2008-03-23 20:46 <DIR> d-------- C:\WINDOWS\speech
2008-03-23 20:46 . 2008-03-23 20:46 <DIR> d-------- C:\Program Files\Mini recnik
2008-03-20 11:21 . 2008-03-20 11:21 <DIR> d-------- C:\Program Files\JoWood
2008-03-18 22:23 . 2008-03-18 12:02 2,359,350 --a------ C:\WINDOWS\FrameShow Wallpaper.BMP
2008-03-18 21:53 . 2008-03-18 21:53 <DIR> d-------- C:\Program Files\ESET
2008-03-18 17:59 . 2008-03-18 17:59 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-18 17:55 . 2008-03-31 14:11 <DIR> d-------- C:\Program Files\World of Warcraft
2008-03-18 11:56 . 2008-03-18 11:56 <DIR> d-------- C:\Program Files\Common Files\Bcgsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 14:50 --------- d-----w C:\Program Files\FlashGet
2008-04-17 07:02 --------- d-----w C:\Program Files\Trojan Remover
2008-04-17 07:01 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 22:09 --------- d-----w C:\Program Files\Fraps
2008-04-13 13:25 --------- d-----w C:\Program Files\Atomic Alarm Clock
2008-04-13 12:03 --------- d-----w C:\Program Files\PowerISO
2008-04-05 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 09:13 --------- d-----w C:\Program Files\Sega
2008-03-31 06:44 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Vso
2008-03-20 16:54 --------- d-----w C:\Program Files\Bit Che
2008-03-20 16:53 --------- d-----w C:\Program Files\Master of Defense
2008-03-20 16:44 --------- d-----w C:\Program Files\ArtMoney
2008-03-18 20:28 --------- d-----w C:\Program Files\YouTube Downloader
2008-03-17 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-17 13:56 --------- d-----w C:\Program Files\DVD Shrink
2008-03-16 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-03-16 09:08 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Simply Super Software
2008-03-12 22:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 22:23 --------- d-----w C:\Program Files\Bonjour
2008-03-12 22:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-12 18:46 --------- d-----w C:\Program Files\AmitySource
2008-03-11 13:06 --------- d-----w C:\Program Files\Azgard Defence
2008-03-06 13:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 21:56 --------- d-----w C:\Program Files\Windows Live
2008-02-29 18:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 18:25 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-29 13:32 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-28 12:35 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Skype
2008-02-28 12:30 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\skypePM
2008-02-27 20:52 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-02-26 21:14 --------- d-----w C:\Documents and Settings\Shadow Hunter\Application Data\Imperium Romanum
2008-02-26 21:11 --------- d-----w C:\Program Files\Kalypso
2008-02-20 10:11 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-02-20 10:02 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-02-20 10:01 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-02-13 17:24 418,480 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-02-13 17:24 115,432 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-04 16:34 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-01 17:26 274,432 ----a-w C:\WINDOWS\system32\imon.dll
2008-01-29 08:03 47,360 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\pcouffin.sys
2008-01-16 17:00 22,328 ----a-w C:\Documents and Settings\Shadow Hunter\Application Data\PnkBstrK.sys
2007-11-15 13:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-17_ 8.48.39.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 06:43:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 14:51:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"44b5bd7a"="C:\WINDOWS\system32\wabvwrjg.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IE7-11"="advpack.dll" [2007-03-21 12:11 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\Shadow Hunter\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 19:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe [2007-12-08 03:05:29 1318912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-02-07 17:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 cdawdm;CDAWDM;C:\WINDOWS\system32\DRIVERS\CDAWDM.sys [2003-02-25 11:38]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 12:11]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
S3 Droppix Service;Droppix Service;"C:\Program Files\Common Files\Droppix\DxService.exe" [2007-09-28 16:31]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 15:17:42 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-18 16:52:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-18 16:57:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 14:57:32
ComboFix2.txt 2008-04-18 07:15:03

Pre-Run: 42,082,865,152 bytes free
Post-Run: 42,035,744,768 bytes free

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Download this reg file

Double-click it to import it into the registry and confirm the prompt with Yes.
Restart the PC. Post a new ComboFix log.
