Poslao: 01 Feb 2009 01:40
|
offline
- pinklady
- Novi MyCity građanin
- Pridružio: 01 Feb 2009
- Poruke: 28
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:35:37 AM, on 2/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Intelinet] C:\Program Files\Intelinet\Intelinet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IntelinetSecure - Unknown owner - C:\Program Files\Intelinet\intelin2.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
--
End of file - 5953 bytes
|
|
|
|
|
Poslao: 01 Feb 2009 13:01
|
offline
- pinklady
- Novi MyCity građanin
- Pridružio: 01 Feb 2009
- Poruke: 28
|
ComboFix 09-01-31.02 - Administrator 2009-02-01 12:53:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.135 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.
2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-01-27 15:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-10 12:19 . 2009-01-30 23:43 <DIR> d-------- c:\program files\Common Files\System Internals 32bits
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:55 --------- d-----w c:\program files\mama
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
S1 is-H8IDHdrv;is-H8IDHdrv;c:\windows\system32\DRIVERS\37792908.sys --> c:\windows\system32\DRIVERS\37792908.sys [?]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe --> c:\program files\Intelinet\intelin2.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]
2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Intelinet - c:\program files\Intelinet\Intelinet.exe
MSConfigStartUp-TuneUp - c:\program files\Common Files\System Internals 32bits\TuneUp.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 12:54:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 12:55:23
ComboFix-quarantined-files.txt 2009-02-01 11:55:21
Pre-Run: 69,989,957,632 bytes free
Post-Run: 70,107,398,144 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
164 --- E O F --- 2008-12-12 11:11:28
avast je detektovao trojanac win 32u fajlu-program files-sistem internal 32bits
|
|
|
|
|
Poslao: 01 Feb 2009 13:35
|
offline
- pinklady
- Novi MyCity građanin
- Pridružio: 01 Feb 2009
- Poruke: 28
|
evo upload je zavrsen-uspesno
Dopuna: 01 Feb 2009 13:34
i jos jedno pitanje-vec 2 puta me banuju sa haba zbog virusa ali avast mi to ne detektuje rekli su mi da je to 2.dcf32.avi.avi.exe-nariyh worm
pa mozda i to moze pomoci-hvala unapred
Dopuna: 01 Feb 2009 13:35
narith worm-malopre sam pogresno napisala
|
|
|
|
|
Poslao: 01 Feb 2009 15:08
|
offline
- pinklady
- Novi MyCity građanin
- Pridružio: 01 Feb 2009
- Poruke: 28
|
ima li nade za mene
Dopuna: 01 Feb 2009 14:20
ja ne razumem koji notepad da otvorim
Dopuna: 01 Feb 2009 14:40
ne mogu da snimim kao SFCript
Dopuna: 01 Feb 2009 14:47
ComboFix 09-01-31.03 - Administrator 2009-02-01 14:40:13.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.111 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.
2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-01-27 15:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-10 12:19 . 2009-01-30 23:43 <DIR> d-------- c:\program files\Common Files\System Internals 32bits
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:55 --------- d-----w c:\program files\mama
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
S1 is-H8IDHdrv;is-H8IDHdrv;c:\windows\system32\DRIVERS\37792908.sys --> c:\windows\system32\DRIVERS\37792908.sys [?]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe --> c:\program files\Intelinet\intelin2.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]
2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 14:41:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 14:42:20
ComboFix-quarantined-files.txt 2009-02-01 13:42:18
ComboFix2.txt 2009-02-01 11:55:24
Pre-Run: 70,138,867,712 bytes free
Post-Run: 70,125,498,368 bytes free
155 --- E O F --- 2008-12-12 11:11:28
uspela sam
Dopuna: 01 Feb 2009 15:08
malo je potrajalo ali sta da se radi-mozak stao
|
|
|
|
|
Poslao: 01 Feb 2009 16:17
|
offline
- pinklady
- Novi MyCity građanin
- Pridružio: 01 Feb 2009
- Poruke: 28
|
ComboFix 09-01-31.03 - Administrator 2009-02-01 15:25:25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.142 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.
2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-01-27 15:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-10 12:19 . 2009-01-30 23:43 <DIR> d-------- c:\program files\Common Files\System Internals 32bits
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:55 --------- d-----w c:\program files\mama
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]
S1 is-H8IDHdrv;is-H8IDHdrv;c:\windows\system32\DRIVERS\37792908.sys --> c:\windows\system32\DRIVERS\37792908.sys [?]
S3 IntelinetSecure;IntelinetSecure;c:\program files\Intelinet\intelin2.exe --> c:\program files\Intelinet\intelin2.exe [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e25f30a-df29-11dc-ab05-001a4d632f28}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bb5f4e9-accb-11dd-b583-001a4d632f28}]
\Shell\AutoRun\command - gg.exe 0o
\Shell\explore\Command - gg.exe 0e
\Shell\open\Command - gg.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adc52ed4-cb7a-11dd-b64d-001a4d632f28}]
\Shell\AutoRun\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - h:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]
2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 15:26:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 15:27:35
ComboFix-quarantined-files.txt 2009-02-01 14:27:33
ComboFix2.txt 2009-02-01 13:42:21
ComboFix3.txt 2009-02-01 11:55:24
Pre-Run: 70,115,373,056 bytes free
Post-Run: 70,100,238,336 bytes free
156 --- E O F --- 2008-12-12 11:11:28
valja li sad
Dopuna: 01 Feb 2009 15:55
jesi li tu
Dopuna: 01 Feb 2009 16:08
molim te obraduj me i reci da je ok
Dopuna: 01 Feb 2009 16:17
mozda sam malo dosadna ,izvini ali bas bi mi znacilo da resim ovaj problem
|
|
|
|
Poslao: 01 Feb 2009 16:32
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Pa i nije ok. Negde postoji greška. Nisam siguran u čemu, no...
Odradimo ovo na drugi način.
Obriši sledeće foldere:
c:\program files\Common Files\System Internals 32bits
c:\program files\Intelinet
Skini i pokreni ovaj file: https://www.mycity.rs/must-login.png
Nakon toga restartuj kompjuter i dvoklikom pokreni ComboFix - postavi ovde log koji dobiješ.
|
|
|
|