Win32/Rootkit.Agenr.ODG Trojan

  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

Here it is.. and now, after the scan, NOD reports nothing.

ComboFix 09-06-18.02 - Aco 06/19/2009 22:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.964 [GMT 2:00]
Running from: c:\documents and settings\Aco\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aco\Application Data\inst.exe
c:\windows\system32\drivers\mcahsuja.sys
c:\windows\system32\drivers\qkciu.sys
c:\windows\system32\drivers\SKYNETgqlsqmgw.sys
c:\windows\system32\drivers\vdouw.sys
c:\windows\system32\SKYNETfbaksrta.dll
c:\windows\system32\SKYNEToytifpuw.dat
c:\windows\system32\SKYNETreltpcaq.dat
c:\windows\system32\SKYNETvvsaihfd.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETrpsspbll


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 20:24 . 2009-06-19 20:24 -------- d-----w- c:\documents and settings\Aco\Application Data\Thinstall
2009-06-19 18:54 . 2009-06-19 19:36 0 ----a-w- C:\backup.reg
2009-06-19 18:40 . 2009-06-19 18:40 -------- d-----w- c:\program files\YouTube Downloader
2009-06-19 11:35 . 2009-06-19 11:35 -------- d-----w- c:\documents and settings\Aco\Local Settings\Application Data\ESET
2009-06-19 11:35 . 2009-06-19 11:35 -------- d-----w- c:\windows\Downloaded Installations
2009-06-19 11:16 . 2009-06-19 11:16 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-19 09:08 . 2009-06-19 09:20 -------- d-----w- c:\documents and settings\Aco\Ekahau Site Survey
2009-06-19 09:07 . 2009-06-19 09:21 -------- d-----w- c:\program files\Ekahau
2009-06-19 08:57 . 2009-06-19 08:57 -------- d-----w- c:\program files\MyLanViewer
2009-06-18 21:41 . 2009-06-18 21:41 -------- d-----w- c:\windows\Icons
2009-06-18 21:34 . 2009-06-18 22:33 -------- d-----w- c:\windows\system32\NtmsData
2009-06-18 21:07 . 2009-06-18 21:34 -------- d-----w- c:\documents and settings\Aco\Application Data\IObit
2009-06-18 21:07 . 2009-06-19 11:42 -------- d-----w- c:\program files\IObit
2009-06-18 20:48 . 2009-06-18 21:33 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-06-18 19:24 . 2009-06-18 19:24 -------- d-----w- c:\program files\Unlocker
2009-06-18 19:10 . 2009-06-18 19:10 -------- d-----w- c:\documents and settings\Aco\Application Data\Media Player Classic
2009-06-18 17:58 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
2009-06-18 17:58 . 2009-06-18 17:58 -------- d-----w- c:\documents and settings\Aco\WINDOWS
2009-06-18 17:08 . 2009-06-18 17:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-18 17:03 . 2009-06-18 17:03 -------- d-----w- c:\documents and settings\Aco\Local Settings\Application Data\Adobe
2009-06-18 16:57 . 2009-06-18 16:57 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-06-18 16:50 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-06-18 16:50 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-18 16:50 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-18 16:50 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-06-18 16:50 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-06-18 16:50 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-06-18 16:50 . 2009-06-02 16:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-18 16:50 . 2004-01-11 22:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-06-18 16:50 . 2009-06-18 21:33 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-06-18 16:15 . 2009-06-18 16:15 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-18 16:15 . 2009-06-18 16:15 47360 ------w- c:\documents and settings\Aco\Application Data\pcouffin.sys
2009-06-18 16:15 . 2009-06-18 21:33 -------- d-----w- c:\documents and settings\Aco\Application Data\Vso
2009-06-18 16:14 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-18 16:14 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-18 16:14 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-18 16:14 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-18 16:14 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-18 16:14 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-18 16:14 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-18 16:14 . 2009-06-18 16:14 -------- d-----w- c:\program files\VSO
2009-06-18 15:15 . 2009-06-18 15:15 -------- d-----w- c:\windows\ie8updates
2009-06-18 15:00 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-18 15:00 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-18 15:00 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-18 15:00 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 19:39 . 2009-06-18 14:11 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2009-06-19 14:50 . 2009-06-18 13:02 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-19 12:38 . 2009-06-18 13:28 -------- d-----w- c:\program files\1st Sound Recorder
2009-06-19 11:32 . 2009-06-18 14:03 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-06-18 21:14 . 2009-06-18 14:14 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-18 21:10 . 2009-06-18 12:48 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-18 17:22 . 2009-06-18 14:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-18 16:40 . 2009-06-18 14:07 -------- d-----w- c:\program files\AC3Filter
2009-06-18 14:27 . 2009-06-18 13:40 -------- d-----w- c:\program files\Java
2009-06-18 14:26 . 2009-06-18 14:26 152576 ------w- c:\documents and settings\Aco\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-18 14:17 . 2009-06-18 14:17 -------- d-----w- c:\documents and settings\Aco\Application Data\Malwarebytes
2009-06-18 14:17 . 2009-06-18 14:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 14:17 . 2009-06-18 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 14:15 . 2009-06-18 14:15 -------- d-----w- c:\documents and settings\Aco\Application Data\TuneUp Software
2009-06-18 14:15 . 2009-06-18 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-18 14:13 . 2009-06-18 14:13 -------- d-----w- c:\program files\VS Revo Group
2009-06-18 14:11 . 2009-06-18 14:11 0 ----a-w- c:\windows\nsreg.dat
2009-06-18 14:09 . 2009-06-18 14:09 -------- d-----w- c:\program files\Mv2Player
2009-06-18 14:09 . 2009-06-18 14:09 -------- d-----w- c:\program files\ASUSTeK
2009-06-18 14:09 . 2009-06-18 12:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 14:09 . 2009-06-18 12:55 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-18 14:08 . 2009-06-18 14:08 -------- d-----w- c:\program files\DivX_311alpha
2009-06-18 14:08 . 2009-06-18 14:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-18 14:08 . 2009-06-18 14:08 -------- d-----w- c:\program files\DivXCodec
2009-06-18 14:04 . 2009-06-18 14:04 3638 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_98A101ADE6B49563D61EBE.exe
2009-06-18 14:04 . 2009-06-18 14:04 3638 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_7EC000065F4FCD53105A1C.exe
2009-06-18 14:04 . 2009-06-18 14:04 10134 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_C87C479E1DA6C42F6A34D4.exe
2009-06-18 14:04 . 2009-06-18 14:04 10134 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_C080941B362BD02C8C608E.exe
2009-06-18 14:04 . 2009-06-18 14:04 10134 ------r- c:\documents and settings\Aco\Application Data\Microsoft\Installer\{B6BCCB80-B3FC-4E97-8513-A7BEE73A5C5A}\_1ACEE05C37FBBF5D65B447.exe
2009-06-18 14:04 . 2009-06-18 14:04 -------- d-----w- c:\program files\Teorex
2009-06-18 14:04 . 2009-06-18 14:04 -------- d-----w- c:\documents and settings\Aco\Application Data\ACD Systems
2009-06-18 14:00 . 2009-06-18 13:23 12912 ------w- c:\documents and settings\Aco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 14:00 . 2009-06-18 14:00 -------- d-----w- c:\program files\TechSmith
2009-06-18 13:51 . 2009-06-18 13:51 -------- d-----w- c:\program files\MSBuild
2009-06-18 13:51 . 2009-06-18 13:51 -------- d-----w- c:\program files\Reference Assemblies
2009-06-18 13:47 . 2009-06-18 13:47 -------- d-----w- c:\program files\Google
2009-06-18 13:34 . 2009-06-18 13:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-18 13:34 . 2009-06-18 13:34 -------- d-----w- c:\program files\Microsoft
2009-06-18 13:34 . 2009-06-18 13:33 -------- d-----w- c:\program files\Windows Live
2009-06-18 13:33 . 2009-06-18 13:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-18 13:29 . 2009-06-18 13:29 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-18 13:28 . 2009-06-18 13:28 -------- d-----w- c:\documents and settings\Aco\Application Data\Apple Computer
2009-06-18 13:26 . 2009-06-18 13:26 -------- d-----w- c:\documents and settings\Aco\Application Data\Ahead
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\program files\Nero
2009-06-18 13:25 . 2009-06-18 13:25 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-18 13:24 . 2009-06-18 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-18 13:23 . 2009-06-18 13:23 -------- d-----w- c:\program files\QuickTime
2009-06-18 13:21 . 2009-06-18 13:21 -------- d-----w- c:\program files\Apple Software Update
2009-06-18 13:21 . 2009-06-18 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-18 13:20 . 2009-06-18 13:20 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-18 13:18 . 2009-06-18 13:17 -------- d-----w- c:\documents and settings\Aco\Application Data\Winamp
2009-06-18 13:18 . 2009-06-18 13:17 -------- d-----w- c:\program files\Winamp
2009-06-18 13:18 . 2009-06-18 13:17 -------- d-----w- c:\program files\CDex_140b9
2009-06-18 13:15 . 2009-06-18 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-18 13:10 . 2009-06-18 13:10 -------- d-----w- c:\program files\ESET
2009-06-18 13:10 . 2009-06-18 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-18 13:06 . 2009-06-18 13:06 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-18 13:06 . 2009-06-18 13:06 -------- d-----w- c:\program files\Ovislink
2009-06-18 13:06 . 2009-06-18 13:06 -------- d-----w- c:\documents and settings\Aco\Application Data\InstallShield
2009-06-18 13:02 . 2009-06-18 13:02 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-18 13:00 . 2009-06-18 13:00 -------- d-----w- c:\program files\Realtek
2009-06-18 12:59 . 2009-06-18 12:59 315392 ----a-w- c:\windows\HideWin.exe
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\program files\VIA
2009-06-18 12:49 . 2009-06-18 12:49 -------- d-----w- c:\program files\microsoft frontpage
2009-06-18 12:45 . 2009-06-18 12:45 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-17 09:27 . 2009-06-18 14:17 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-06-18 14:17 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 04:03 . 2009-06-18 13:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-04-30 20:02 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2009-04-30 20:02 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-04-30 20:02 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 04:03 . 2009-04-30 20:02 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-04-30 20:02 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2009-04-30 20:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-04-30 20:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-04-30 20:02 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2009-04-30 20:02 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2009-04-30 20:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-08 15:30 . 2009-06-08 15:30 1614848 ----a-w- c:\windows\system32\sfcfiles.dll
2009-06-08 15:30 . 2009-06-08 15:30 990208 ----a-w- c:\windows\system32\syssetup.dll
2009-06-04 14:39 . 2009-06-18 13:02 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2008-04-14 03:42 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2008-04-14 03:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:02 . 2001-12-18 21:02 685056 ----a-w- c:\windows\system32\divx.dll
2009-04-17 12:26 . 2008-04-13 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2008-04-14 03:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 12:45 . 2009-04-07 12:45 12416 ----a-w- c:\windows\system32\drivers\ekauio.sys
2009-04-03 10:39 . 2009-04-03 10:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
.

------- Sigcheck -------

[-] 2009-06-08 15:30 1614848 9AEA06C8403D4A20C606CDC242312B41 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\Ovislink\Common\AirLiveUI.exe [2009-6-18 1748992]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 ViBus;ViBus;c:\windows\system32\drivers\ViBus.sys [4/16/2009 13:33 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\drivers\ViPrt.sys [4/16/2009 13:33 52224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 15:49 94360]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [4/7/2009 14:45 12416]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 15:47 731840]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2009 16:17 195856]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ovislink\Common\RalinkRegistryWriter.exe [6/18/2009 15:06 69632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/18/2009 16:17 19096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-06-18 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-06-18 23:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.winzip.com/instcmplt.cgi?pid=WNZP&ver=12.1.8497.0&lang=EN&vid=ekln&3pa=ggle:0
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 22:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-19 22:47
ComboFix-quarantined-files.txt 2009-06-19 20:47

Pre-Run: 45,151,162,368 bytes free
Post-Run: 45,193,863,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

  • dr_Bora  Male
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It shouldn't report anything either... This looks clean.

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

That would be it.

  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

OK... Thanks, cheers!

Korisnici trenutno na forumu: A.R.Chafee.Jr., ajo baba, anta, Battlehammer, Ben Roj, CikaKURE, deimos25, Dimitrise93, DonRumataEstorski, Duh sa sekirom, dushan, FOX, Griffon vulture, HogarStrashni, ikan, kubura91, kybonacci, laurusri, Marko Marković, mercedesamg, Mercury, Milenaaa, milutin134, Miroljub1979, Mlav, Motocar, pein, procesor, repac, Shinobi, Sir Budimir, Sirius, Srle993, suton, Tvrtko I, Vlad000, vladaa012, vladetije, W123, wizzardone, wolverined4, 125