windows live messenger problem!!


offline
  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Posted: 10 Aug 2009 17:11

Hello,
Here's the situation: the problem started appearing 5 minutes ago, right when I installed a piece of software (Magix Music Maker). That's when it popped up for the first time; I thought it was because of that program (and I still stand by that), so I uninstalled it, but I still get the same error, which says "windows live messenger has encountered a problem and needs to close".
For antivirus I have NOD32. As for the connection: cable internet, 1 Mb/s download and 128 Kb/s upload. The computer is a laptop, an Acer Aspire 7520.






DDS (Ver_09-07-30.01) - NTFSx86
Run by drummer at 15:55:17,48 on pon 10.08.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1126 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\LAUNCH~1\LManager.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
"D:\WINDOWS\system32\svchost.exe" 40706
D:\DOCUME~1\drummer\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Documents and Settings\drummer\Application Data\taskeng.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\drummer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - d:\program files\icq6toolbar\ICQToolBar.dll
mWinlogon: Taskman=d:\recycler\s-1-5-21-4456771915-1687149246-966499079-6899\rundll32.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - d:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - d:\program files\bs_player\tbBS_1.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - d:\program files\bs_player\tbBS_1.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - d:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - d:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - d:\program files\icq6toolbar\ICQToolBar.dll
uRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] e:\program files\daemon tools lite\daemon.exe -autorun
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "d:\documents and settings\drummer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ICQ] "d:\program files\icq6\ICQ.exe" silent
uRun: [ALLUpdate] "e:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [MicrosoftUpdate] d:\documents and settings\drummer\application data\taskeng.exe
mRun: [LManager] d:\progra~1\launch~1\LManager.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [H2O] d:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Desktop Search] "d:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [GrpConv] grpconv.exe -o
mRunOnce: [WMC_0] d:\windows\system32\regsvr32.exe /s "d:\windows\system32\wmv8dmod.dll"
mRunOnce: [WMC_1] d:\windows\system32\regsvr32.exe /s "d:\windows\system32\mp4sds32.ax"
StartupFolder: d:\docume~1\drummer\startm~1\programs\startup\hamachi.lnk - d:\program files\hamachi\hamachi.exe
StartupFolder: d:\docume~1\drummer\startm~1\programs\startup\y'ztoo~1.lnk - d:\windows\packs\crystal xp\yztoolbar\YzToolbar.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - d:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - e:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\program files\icqlite\ICQLite.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: d:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\drummer\applic~1\mozilla\firefox\profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\application data\mozilla\firefox\profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\application data\mozilla\firefox\profiles\v28llpsn.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: d:\documents and settings\drummer\application data\mozilla\firefox\profiles\v28llpsn.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\divx\divx web player\npdivx32.dll
FF - plugin: e:\program files\google\picasa3\npPicasa3.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;d:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;d:\program files\icq6toolbar\ICQ Service.exe [2009-6-26 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-18 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [2009-4-27 33792]
S2 RPCHGM;Remote Procedure Call (HGM);d:\program files\netmeeting\secedit.exe [2009-7-9 22863560]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-5 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [2009-7-19 30336]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-08-10 15:34 28 a------- d:\windows\Robota.INI
2009-08-10 15:34 <DIR> --d----- d:\docume~1\drummer\applic~1\MAGIX
2009-08-10 15:34 420,240 a------- d:\windows\system32\mpg4c32.dll
2009-08-10 15:34 309,616 a------- d:\windows\system32\wmv8dmod.dll
2009-08-10 15:34 245,760 a------- d:\windows\system32\mp4sds32.ax
2009-08-10 15:33 <DIR> --d----- d:\docume~1\alluse~1\applic~1\MAGIX
2009-08-10 15:32 55,296 a------- d:\docume~1\drummer\applic~1\taskeng.exe
2009-08-10 15:32 120,200 a------- d:\windows\system32\DLLDEV32i.dll
2009-08-10 15:31 700,416 a------- d:\windows\system32\mgxoschk.dll
2009-08-10 15:31 5,937 a------- d:\windows\mgxoschk.ini
2009-08-10 15:31 <DIR> --d----- d:\windows\system32\MAGIX
2009-08-06 22:48 <DIR> --d----- d:\docume~1\drummer\applic~1\pokerth
2009-08-04 15:41 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-08-04 15:25 <DIR> --d----- d:\program files\Messenger Plus! Live
2009-07-28 03:19 10 a------- d:\windows\system32\810429tv4-test.jun
2009-07-27 12:26 90,624 a------- d:\windows\system32\drivers\kswdmcap.ax
2009-07-27 12:26 61,952 a------- d:\windows\system32\drivers\kstvtune.ax
2009-07-27 12:26 28,672 a------- d:\windows\system32\drivers\vidcap.ax
2009-07-27 12:26 53,760 a------- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-27 12:26 43,008 a------- d:\windows\system32\drivers\ksxbar.ax
2009-07-27 12:25 <DIR> --d----- d:\program files\IVT Corporation
2009-07-23 17:57 73,728 a------- d:\windows\system32\np_plugin.dll
2009-07-23 15:06 <DIR> --d----- d:\program files\Hamachi
2009-07-21 14:15 978 a------- d:\windows\eReg.dat
2009-07-19 17:23 38,400 a------- d:\windows\system32\CoInst.dll
2009-07-19 17:23 30,336 a------- d:\windows\system32\drivers\glauiad.sys
2009-07-19 17:23 <DIR> --d----- d:\program files\MT882
2009-07-19 17:23 19,220 -------- d:\windows\wwdslcfg.ini
2009-07-19 13:03 356,352 a------- d:\windows\system32\nvunrm.exe
2009-07-19 13:03 3,903 a------- d:\windows\system32\nvnrm.nvu
2009-07-19 13:02 110,592 a------- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 13:02 927,616 a------- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 13:02 261,632 a------- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 13:02 196,096 a------- d:\windows\system32\fdco1.dll
2009-07-19 13:02 46,720 a------- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 13:02 37,888 a------- d:\windows\system32\nvconrm.dll
2009-07-19 13:02 19,968 a------- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 13:02 9,216 a------- d:\windows\system32\bdco1.dll
2009-07-18 13:57 <DIR> --d----- d:\program files\Windows Journal Viewer
2009-07-14 20:00 287 a------- d:\windows\game.ini

==================== Find3M ====================

2009-07-23 15:06 25,280 a------- d:\windows\system32\drivers\hamachi.sys
2009-07-14 20:01 163,644 a------- d:\windows\system32\drivers\secdrv.sys
2009-07-09 13:24 4,224 a------- d:\windows\system32\drivers\beep.sys
2009-06-30 15:44 410,984 a------- d:\windows\system32\deploytk.dll
2009-04-20 23:15 321,144 ---sh--- d:\windows\system\taksmgr.exe

============= FINISH: 15:55:32,28 ===============



Update: 10 Aug 2009 17:30

btw, NOD32 has just now found an "agent trojan".
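The DDS log above is what a forum helper reads through by hand. As an added example (not part of this thread, nor of the DDS or ComboFix tools), here is a scripted first pass in Python over lines in that format: it pulls the binary path out of each autorun, Winlogon, service and startup line and flags the things a responder looks for first. The sample input is six lines copied from the DDS log above plus two registry lines in the ComboFix report format that appears later in the thread; the rules, the SYSTEM_NAMES list and the directory patterns are this example's own assumptions, not anything DDS itself reports.

```python
"""Mechanical first pass over DDS/ComboFix-style log lines (added example).

Rules are this example's own assumptions, not DDS or ComboFix logic:
  * an autorun or service binary under a user-writable directory
    (Application Data, Temp, RECYCLER) deserves a second look;
  * a file carrying the name of a Windows binary (taskeng.exe, rundll32.exe,
    secedit.exe, ...) but living outside %SystemRoot% is a classic masquerade;
  * a Winlogon Taskman override, a disabled firewall policy and silenced
    Security Center update notifications are persistence / defence-evasion hints.
"""
import re

# Drive-letter path ending in an executable-ish extension (case-insensitive).
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|scr|ax))\b', re.IGNORECASE)

# Directories a normal installer does not use for an autorun binary
# (long and 8.3 short forms; paths are lower-cased before matching).
USER_WRITABLE_RE = re.compile(r"\\(?:application data|applic~1|temp|recycler)\\")

# Names of Windows binaries; taskeng.exe is the Vista+ Task Scheduler engine and
# has no business existing at all on an XP box, let alone in Application Data.
SYSTEM_NAMES = {"taskeng.exe", "rundll32.exe", "secedit.exe", "svchost.exe", "explorer.exe"}

# Constructed sample: six lines copied from the DDS log in the thread plus two
# registry lines in the ComboFix report format.
SAMPLE_LOG = r"""
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "d:\documents and settings\drummer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MicrosoftUpdate] d:\documents and settings\drummer\application data\taskeng.exe
mWinlogon: Taskman=d:\recycler\s-1-5-21-4456771915-1687149246-966499079-6899\rundll32.exe
mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
S2 RPCHGM;Remote Procedure Call (HGM);d:\program files\netmeeting\secedit.exe [2009-7-9 22863560]
"EnableFirewall"= 0 (0x0)
"UpdatesDisableNotify"=dword:00000001
"""


def extract_path(line):
    """Return the first drive-letter binary path on the line, lower-cased, or None."""
    m = PATH_RE.search(line)
    return m.group(1).lower() if m else None


def classify(line):
    """Return {'line', 'path', 'reasons'}; an empty 'reasons' list means nothing odd."""
    reasons = []
    path = extract_path(line)
    if path:
        if USER_WRITABLE_RE.search(path):
            reasons.append("runs from a user-writable directory")
        name = path.rsplit("\\", 1)[-1]
        if name in SYSTEM_NAMES and "\\windows\\" not in path:
            reasons.append(f"{name} is a Windows binary name but lives outside %SystemRoot%")
    low = line.lower()
    if low.startswith("mwinlogon: taskman="):
        reasons.append("Winlogon Taskman override (replaces Task Manager)")
    if re.search(r'"enablefirewall"\s*=\s*0\b', low):
        reasons.append("Windows Firewall disabled by policy")
    if '"updatesdisablenotify"=dword:00000001' in low:
        reasons.append("Security Center update notifications silenced")
    return {"line": line, "path": path, "reasons": reasons}


def triage(log_text):
    """Run classify() over every non-empty line; keep only lines with reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        result = classify(line)
        if result["reasons"]:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

Run it and the GoogleUpdate.exe line is flagged alongside taskeng.exe: Google's updater really does install per-user under Local Settings, so a hit on a user-writable path is a prompt to verify the file's signature and hash, not a verdict. The other five hits (taskeng.exe in Application Data under a "MicrosoftUpdate" autorun, a Winlogon Taskman pointing into RECYCLER, a "Remote Procedure Call (HGM)" service running a secedit.exe from the NetMeeting folder, the disabled firewall policy and the silenced update notifications) are exactly the lines a helper would pull out of this thread's logs.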

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Hi,


Can you give me the exact name of what NOD found, or post a screenshot?

offline
  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Of course I can.. here =)

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download has finished:
  disable your security software (instructions);
  close any running programs;
  double-click ComboFix to run it.

While running, ComboFix will:
  check whether a newer version of the program is available:
    click Yes if it offers to download it.
  display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so the process continues.
  offer to install the Recovery Console if it is not already installed:
    be sure to accept by clicking Yes and follow the procedure through.
  ask a number of questions / show a number of notices:
    accept by clicking Yes or OK.
  restart Windows if necessary (possibly more than once);
  when finished, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
  right-click in the Notepad window and choose Select All;
  right-click the highlighted text and choose Copy;
  right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Posted: 10 Aug 2009 20:40

ComboFix 09-08-10.01 - drummer 10.08.2009 20:25.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1199 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
d:\program files\WinPCap
d:\recycler\S-1-5-21-0056532458-2609463537-714068108-3946
d:\recycler\S-1-5-21-0590401594-6593298714-219960741-7251
d:\recycler\S-1-5-21-2197395233-5248240419-077525495-4148
d:\recycler\S-1-5-21-3822486133-5703383009-008114228-9295
d:\recycler\S-1-5-21-4456771915-1687149246-966499079-6899
d:\recycler\S-1-5-21-5291197734-9644642997-082478803-0022
d:\recycler\S-1-5-21-5415480734-9121397537-086191643-2756
d:\recycler\S-1-5-21-9840785061-2071684429-652846412-1914

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 13:34 . 2009-08-10 13:34 -------- d-----w- d:\documents and settings\drummer\Application Data\MAGIX
2009-08-10 13:34 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2009-08-10 13:34 . 2001-05-11 11:18 420240 ----a-w- d:\windows\system32\mpg4c32.dll
2009-08-10 13:32 . 2009-08-10 13:32 55296 ----a-w- d:\documents and settings\drummer\Application Data\taskeng.exe
2009-08-10 13:32 . 2007-04-27 08:43 120200 ----a-w- d:\windows\system32\DLLDEV32i.dll
2009-08-10 13:31 . 2009-08-10 13:40 -------- d-----w- d:\windows\system32\MAGIX
2009-08-10 13:31 . 2008-04-15 14:14 700416 ----a-w- d:\windows\system32\mgxoschk.dll
2009-08-06 20:48 . 2009-08-06 20:48 -------- d-----w- d:\documents and settings\drummer\Application Data\pokerth
2009-08-04 13:41 . 2009-08-04 13:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-04 13:25 . 2009-08-04 13:25 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-27 10:43 . 2009-07-27 10:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Bluetooth
2009-07-27 10:26 . 2004-08-03 22:56 53760 ----a-w- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-23 15:57 . 2009-07-23 15:57 73728 ----a-w- d:\windows\system32\np_plugin.dll
2009-07-23 13:06 . 2009-07-23 13:07 -------- d-----w- d:\program files\Hamachi
2009-07-23 11:41 . 2009-07-23 11:41 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Ahead
2009-07-21 12:15 . 2009-07-21 12:28 978 ----a-w- d:\windows\eReg.dat
2009-07-19 15:23 . 2006-03-20 07:32 30336 ----a-w- d:\windows\system32\drivers\glauiad.sys
2009-07-19 15:23 . 2005-08-22 09:22 38400 ----a-w- d:\windows\system32\CoInst.dll
2009-07-19 15:23 . 2009-07-19 15:23 -------- d-----w- d:\program files\MT882
2009-07-19 11:03 . 2007-07-23 21:11 356352 ----a-w- d:\windows\system32\nvunrm.exe
2009-07-19 11:02 . 2007-07-23 21:11 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 11:02 . 2007-07-23 21:11 927616 ----a-w- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 11:02 . 2007-07-23 21:11 9216 ----a-w- d:\windows\system32\bdco1.dll
2009-07-19 11:02 . 2007-07-23 21:11 46720 ----a-w- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 11:02 . 2007-07-23 21:11 37888 ----a-w- d:\windows\system32\nvconrm.dll
2009-07-19 11:02 . 2007-07-23 21:11 261632 ----a-w- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 11:02 . 2007-07-23 21:11 19968 ----a-w- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 11:02 . 2007-07-23 21:11 196096 ----a-w- d:\windows\system32\fdco1.dll
2009-07-18 11:57 . 2009-07-18 11:57 -------- d-----w- d:\program files\Windows Journal Viewer
2009-07-17 15:18 . 2009-08-02 10:20 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 18:35 . 2009-04-18 10:07 -------- d-----w- d:\documents and settings\drummer\Application Data\Skype
2009-08-10 18:35 . 2009-04-22 20:23 -------- d-----w- d:\documents and settings\drummer\Application Data\Hamachi
2009-08-10 13:39 . 2009-08-10 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\MAGIX
2009-08-10 13:35 . 2009-04-18 09:53 36424 ----a-w- d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 13:30 . 2009-04-18 17:21 -------- d-----w- d:\documents and settings\drummer\Application Data\uTorrent
2009-08-10 00:08 . 2009-06-18 13:30 -------- d-----w- d:\program files\SpeedFan
2009-08-09 23:37 . 2009-06-18 15:44 -------- d-----w- d:\program files\LogMeIn
2009-08-09 15:36 . 2009-04-18 10:08 -------- d-----w- d:\documents and settings\drummer\Application Data\skypePM
2009-08-08 16:54 . 2009-05-08 07:33 -------- d-----w- d:\documents and settings\drummer\Application Data\Audacity
2009-08-01 17:40 . 2009-05-13 20:41 -------- d-----w- d:\documents and settings\drummer\Application Data\gtk-2.0
2009-07-30 20:54 . 2009-04-18 09:40 -------- d-----w- d:\program files\Launch Manager
2009-07-27 18:31 . 2009-06-30 13:45 -------- d-----w- d:\documents and settings\drummer\Application Data\LimeWire
2009-07-27 10:25 . 2009-07-27 10:25 -------- d-----w- d:\program files\IVT Corporation
2009-07-27 10:25 . 2009-04-18 09:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-23 13:06 . 2009-04-22 20:23 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-07-20 12:33 . 2009-04-18 22:15 -------- d-----w- d:\documents and settings\drummer\Application Data\BSplayer
2009-07-14 18:01 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
2009-07-09 14:50 . 2009-04-18 22:15 -------- d-----w- d:\program files\BS_Player
2009-07-09 12:50 . 2009-07-09 12:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2009-07-09 11:24 . 2001-08-23 19:00 4224 ----a-w- d:\windows\system32\drivers\beep.sys
2009-07-05 11:20 . 2009-04-26 13:38 -------- d-----w- d:\program files\Google
2009-07-02 10:20 . 2009-06-27 14:54 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQ
2009-06-30 13:44 . 2009-06-30 13:44 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-06-30 13:44 . 2009-06-30 13:44 -------- d-----w- d:\program files\Java
2009-06-30 13:44 . 2009-06-30 13:44 152576 ----a-w- d:\documents and settings\drummer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 01:22 . 2009-06-26 17:58 -------- d-----w- d:\program files\ICQ6Toolbar
2009-06-27 17:42 . 2009-06-27 17:42 -------- d-----w- d:\documents and settings\drummer\Application Data\DivX
2009-06-27 15:35 . 2009-06-27 15:32 -------- d-----w- d:\program files\ICQ6.5
2009-06-27 15:34 . 2009-06-26 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-06-27 15:33 . 2009-06-27 14:53 -------- d-----w- d:\program files\ICQ6
2009-06-27 14:39 . 2009-06-26 23:17 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQLite
2009-06-18 15:44 . 2009-06-18 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-06-17 20:57 . 2009-06-17 20:57 -------- d-----w- d:\program files\Atheros
2009-06-17 20:57 . 2009-04-25 14:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:12 . 2009-05-21 19:12 78376 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-21 19:02 . 2009-05-21 18:55 52770576 ----a-w- d:\documents and settings\drummer\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 11:20 . 2009-07-05 11:20 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-20 21:15 . 2009-04-20 21:15 321144 --sh--w- d:\windows\system\taksmgr.exe
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\MSHTML.DLL
[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-05-21 06:25 2094616 ----a-w- d:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Google Update"="d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"ALLUpdate"="e:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-05 30192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2009-7-23 625952]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-7-27 1183744]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-17 114688]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- d:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Worms 4 Mayhem\\Worms 4 - Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\worms\\WWP\\wwp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 19:58 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [18.6.2009 17:44 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [27.4.2009 18:38 33792]
S2 RPCHGM;Remote Procedure Call (HGM);d:\program files\NetMeeting\secedit.exe [9.7.2009 13:00 22863560]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.7.2009 13:20 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [19.7.2009 17:23 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003Core.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]

2009-08-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003UA.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ICQ - d:\program files\ICQ6\ICQ.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-10 20:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3544)
d:\windows\system32\CRYPT32.dll
d:\windows\system32\MSASN1.dll
d:\windows\System32\cscui.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
e:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
d:\windows\system32\nvcpl.dll
d:\windows\system32\OLEACC.dll
d:\windows\system32\MSVCP60.dll
d:\windows\system32\nvapi.dll
d:\windows\system32\nvshell.dll
d:\windows\system32\browselc.dll
e:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
e:\progra~1\SPYBOT~1\SDHelper.dll
d:\windows\system32\LMIRfsClientNP.dll
e:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\rundll32.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\LogMeIn\x86\ramaint.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-10 20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 18:38
ComboFix2.txt 2009-04-26 20:50

Pre-Run: 2.256.793.600 bytes free
Post-Run: 2.181.730.304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer


Addendum: 10 Aug 2009 21:30

hey :)
I've just opened MSN and it hasn't thrown the error yet...
but I don't know whether it's been cleaned.. :D

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

File::
d:\documents and settings\drummer\Application Data\taskeng.exe
d:\windows\system\taksmgr.exe
d:\program files\NetMeeting\secedit.exe

Driver::
RPCHGM

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

offline
  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Posted: 10 Aug 2009 23:38

ComboFix 09-08-10.01 - drummer 10.08.2009 23:28.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1129 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drummer\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"d:\documents and settings\drummer\Application Data\taskeng.exe"
"d:\program files\NetMeeting\secedit.exe"
"d:\windows\system\taksmgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCHGM
-------\Service_RPCHGM


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 13:34 . 2009-08-10 13:34 -------- d-----w- d:\documents and settings\drummer\Application Data\MAGIX
2009-08-10 13:34 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2009-08-10 13:34 . 2001-05-11 11:18 420240 ----a-w- d:\windows\system32\mpg4c32.dll
2009-08-10 13:32 . 2009-08-10 21:28 55296 ----a-w- d:\documents and settings\drummer\Application Data\taskeng.exe
2009-08-10 13:32 . 2007-04-27 08:43 120200 ----a-w- d:\windows\system32\DLLDEV32i.dll
2009-08-10 13:31 . 2009-08-10 13:40 -------- d-----w- d:\windows\system32\MAGIX
2009-08-10 13:31 . 2008-04-15 14:14 700416 ----a-w- d:\windows\system32\mgxoschk.dll
2009-08-06 20:48 . 2009-08-06 20:48 -------- d-----w- d:\documents and settings\drummer\Application Data\pokerth
2009-08-04 13:41 . 2009-08-04 13:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-04 13:25 . 2009-08-04 13:25 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-27 10:43 . 2009-07-27 10:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Bluetooth
2009-07-27 10:26 . 2004-08-03 22:56 53760 ----a-w- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-23 15:57 . 2009-07-23 15:57 73728 ----a-w- d:\windows\system32\np_plugin.dll
2009-07-23 13:06 . 2009-07-23 13:07 -------- d-----w- d:\program files\Hamachi
2009-07-23 11:41 . 2009-07-23 11:41 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Ahead
2009-07-21 12:15 . 2009-07-21 12:28 978 ----a-w- d:\windows\eReg.dat
2009-07-19 15:23 . 2006-03-20 07:32 30336 ----a-w- d:\windows\system32\drivers\glauiad.sys
2009-07-19 15:23 . 2005-08-22 09:22 38400 ----a-w- d:\windows\system32\CoInst.dll
2009-07-19 15:23 . 2009-07-19 15:23 -------- d-----w- d:\program files\MT882
2009-07-19 11:03 . 2007-07-23 21:11 356352 ----a-w- d:\windows\system32\nvunrm.exe
2009-07-19 11:02 . 2007-07-23 21:11 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 11:02 . 2007-07-23 21:11 927616 ----a-w- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 11:02 . 2007-07-23 21:11 9216 ----a-w- d:\windows\system32\bdco1.dll
2009-07-19 11:02 . 2007-07-23 21:11 46720 ----a-w- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 11:02 . 2007-07-23 21:11 37888 ----a-w- d:\windows\system32\nvconrm.dll
2009-07-19 11:02 . 2007-07-23 21:11 261632 ----a-w- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 11:02 . 2007-07-23 21:11 19968 ----a-w- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 11:02 . 2007-07-23 21:11 196096 ----a-w- d:\windows\system32\fdco1.dll
2009-07-18 11:57 . 2009-07-18 11:57 -------- d-----w- d:\program files\Windows Journal Viewer
2009-07-17 15:18 . 2009-08-02 10:20 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 21:33 . 2009-04-22 20:23 -------- d-----w- d:\documents and settings\drummer\Application Data\Hamachi
2009-08-10 21:27 . 2009-04-18 10:07 -------- d-----w- d:\documents and settings\drummer\Application Data\Skype
2009-08-10 19:27 . 2009-04-18 10:08 -------- d-----w- d:\documents and settings\drummer\Application Data\skypePM
2009-08-10 13:39 . 2009-08-10 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\MAGIX
2009-08-10 13:35 . 2009-04-18 09:53 36424 ----a-w- d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 13:30 . 2009-04-18 17:21 -------- d-----w- d:\documents and settings\drummer\Application Data\uTorrent
2009-08-10 00:08 . 2009-06-18 13:30 -------- d-----w- d:\program files\SpeedFan
2009-08-09 23:37 . 2009-06-18 15:44 -------- d-----w- d:\program files\LogMeIn
2009-08-08 16:54 . 2009-05-08 07:33 -------- d-----w- d:\documents and settings\drummer\Application Data\Audacity
2009-08-01 17:40 . 2009-05-13 20:41 -------- d-----w- d:\documents and settings\drummer\Application Data\gtk-2.0
2009-07-30 20:54 . 2009-04-18 09:40 -------- d-----w- d:\program files\Launch Manager
2009-07-27 18:31 . 2009-06-30 13:45 -------- d-----w- d:\documents and settings\drummer\Application Data\LimeWire
2009-07-27 10:25 . 2009-07-27 10:25 -------- d-----w- d:\program files\IVT Corporation
2009-07-27 10:25 . 2009-04-18 09:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-23 13:06 . 2009-04-22 20:23 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-07-20 12:33 . 2009-04-18 22:15 -------- d-----w- d:\documents and settings\drummer\Application Data\BSplayer
2009-07-14 18:01 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
2009-07-09 14:50 . 2009-04-18 22:15 -------- d-----w- d:\program files\BS_Player
2009-07-09 12:50 . 2009-07-09 12:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2009-07-09 11:24 . 2001-08-23 19:00 4224 ----a-w- d:\windows\system32\drivers\beep.sys
2009-07-05 11:20 . 2009-04-26 13:38 -------- d-----w- d:\program files\Google
2009-07-02 10:20 . 2009-06-27 14:54 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQ
2009-06-30 13:44 . 2009-06-30 13:44 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-06-30 13:44 . 2009-06-30 13:44 -------- d-----w- d:\program files\Java
2009-06-30 13:44 . 2009-06-30 13:44 152576 ----a-w- d:\documents and settings\drummer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 01:22 . 2009-06-26 17:58 -------- d-----w- d:\program files\ICQ6Toolbar
2009-06-27 17:42 . 2009-06-27 17:42 -------- d-----w- d:\documents and settings\drummer\Application Data\DivX
2009-06-27 15:35 . 2009-06-27 15:32 -------- d-----w- d:\program files\ICQ6.5
2009-06-27 15:34 . 2009-06-26 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-06-27 15:33 . 2009-06-27 14:53 -------- d-----w- d:\program files\ICQ6
2009-06-27 14:39 . 2009-06-26 23:17 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQLite
2009-06-18 15:44 . 2009-06-18 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-06-17 20:57 . 2009-06-17 20:57 -------- d-----w- d:\program files\Atheros
2009-06-17 20:57 . 2009-04-25 14:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:12 . 2009-05-21 19:12 78376 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-21 19:02 . 2009-05-21 18:55 52770576 ----a-w- d:\documents and settings\drummer\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 11:20 . 2009-07-05 11:20 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\MSHTML.DLL
[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-10_18.35.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 21:33 . 2009-08-10 21:33 16384 d:\windows\Temp\Perflib_Perfdata_ca8.dat
+ 2009-08-10 21:33 . 2009-08-10 21:33 16384 d:\windows\Temp\Perflib_Perfdata_80.dat
+ 2009-08-10 21:33 . 2009-08-10 21:33 16384 d:\windows\Temp\Perflib_Perfdata_668.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 66778 d:\windows\system32\perfc009.dat
+ 2001-08-23 19:00 . 2009-08-10 18:39 66778 d:\windows\system32\perfc009.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2001-08-23 19:00 . 2009-08-10 18:39 428160 d:\windows\system32\perfh009.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 428160 d:\windows\system32\perfh009.dat
- 2009-04-20 21:15 . 2009-04-20 21:15 321144 d:\windows\system\taksmgr.exe
+ 2009-04-20 21:15 . 2009-08-10 21:28 321144 d:\windows\system\taksmgr.exe
+ 2009-08-10 21:31 . 2009-08-10 21:31 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-05-21 06:25 2094616 ----a-w- d:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Google Update"="d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"ALLUpdate"="e:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-05 30192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2009-7-23 625952]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-7-27 1183744]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-17 114688]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- d:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Worms 4 Mayhem\\Worms 4 - Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\worms\\WWP\\wwp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 19:58 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [18.6.2009 17:44 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [27.4.2009 18:38 33792]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.7.2009 13:20 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [19.7.2009 17:23 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003Core.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]

2009-08-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003UA.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-10 23:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2768-)
d:\windows\system32\CRYPT32.dll
d:\windows\system32\MSASN1.dll
d:\windows\System32\cscui.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
e:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
d:\windows\system32\nvcpl.dll
d:\windows\system32\MSVCP60.dll
d:\windows\system32\nvapi.dll
d:\windows\system32\nvshell.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\LogMeIn\x86\ramaint.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\rundll32.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\docume~1\drummer\LOCALS~1\temp\RtkBtMnt.exe
d:\program files\Skype\Plugin Manager\skypePM.exe
d:\windows\system32\wscntfy.exe
d:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-08-10 23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 21:36
ComboFix2.txt 2009-08-10 18:38
ComboFix3.txt 2009-04-26 20:50

Pre-Run: 2.250.158.080 bytes free
Post-Run: 2.182.615.040 bytes free


Addendum: 11 Aug 2009 0:30

??? :D is there anything? :)

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

There is :)

Delete that ComboFix.

Download the new version from the link above and repeat the procedure with the CFScript I wrote for you.

Note: Do not uninstall ComboFix, just delete it from the desktop.

offline
  • Joined: 26 Apr 2009
  • Posts: 42
  • Location: Bijeljina

Posted: 11 Aug 2009 20:51

ComboFix 09-08-10.06 - drummer 11.08.2009 20:40.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1134 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drummer\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"d:\documents and settings\drummer\Application Data\taskeng.exe"
"d:\program files\NetMeeting\secedit.exe"
"d:\windows\system\taksmgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\drummer\Application Data\taskeng.exe
d:\program files\Internet Explorer\ods.exe
d:\program files\NetMeeting\secedit.exe
d:\windows\system\taksmgr.exe
d:\windows\system32\drivers\npf.sys
d:\windows\system32\Packet.dll
d:\windows\system32\pthreadVC.dll
d:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-10 13:34 . 2009-08-10 13:34 -------- d-----w- d:\documents and settings\drummer\Application Data\MAGIX
2009-08-10 13:34 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2009-08-10 13:34 . 2001-05-11 11:18 420240 ----a-w- d:\windows\system32\mpg4c32.dll
2009-08-10 13:32 . 2007-04-27 08:43 120200 ----a-w- d:\windows\system32\DLLDEV32i.dll
2009-08-10 13:31 . 2009-08-10 13:40 -------- d-----w- d:\windows\system32\MAGIX
2009-08-10 13:31 . 2008-04-15 14:14 700416 ----a-w- d:\windows\system32\mgxoschk.dll
2009-08-06 20:48 . 2009-08-06 20:48 -------- d-----w- d:\documents and settings\drummer\Application Data\pokerth
2009-08-04 13:41 . 2009-08-11 18:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-04 13:25 . 2009-08-04 13:25 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-27 10:43 . 2009-07-27 10:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Bluetooth
2009-07-27 10:26 . 2004-08-03 22:56 53760 ----a-w- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-23 15:57 . 2009-07-23 15:57 73728 ----a-w- d:\windows\system32\np_plugin.dll
2009-07-23 13:06 . 2009-07-23 13:07 -------- d-----w- d:\program files\Hamachi
2009-07-23 11:41 . 2009-07-23 11:41 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Ahead
2009-07-21 12:15 . 2009-07-21 12:28 978 ----a-w- d:\windows\eReg.dat
2009-07-19 15:23 . 2006-03-20 07:32 30336 ----a-w- d:\windows\system32\drivers\glauiad.sys
2009-07-19 15:23 . 2005-08-22 09:22 38400 ----a-w- d:\windows\system32\CoInst.dll
2009-07-19 15:23 . 2009-07-19 15:23 -------- d-----w- d:\program files\MT882
2009-07-19 11:03 . 2007-07-23 21:11 356352 ----a-w- d:\windows\system32\nvunrm.exe
2009-07-19 11:02 . 2007-07-23 21:11 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 11:02 . 2007-07-23 21:11 927616 ----a-w- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 11:02 . 2007-07-23 21:11 9216 ----a-w- d:\windows\system32\bdco1.dll
2009-07-19 11:02 . 2007-07-23 21:11 46720 ----a-w- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 11:02 . 2007-07-23 21:11 37888 ----a-w- d:\windows\system32\nvconrm.dll
2009-07-19 11:02 . 2007-07-23 21:11 261632 ----a-w- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 11:02 . 2007-07-23 21:11 19968 ----a-w- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 11:02 . 2007-07-23 21:11 196096 ----a-w- d:\windows\system32\fdco1.dll
2009-07-18 11:57 . 2009-07-18 11:57 -------- d-----w- d:\program files\Windows Journal Viewer
2009-07-17 15:18 . 2009-08-02 10:20 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 18:44 . 2009-04-18 10:07 -------- d-----w- d:\documents and settings\drummer\Application Data\Skype
2009-08-11 14:03 . 2009-04-18 10:08 -------- d-----w- d:\documents and settings\drummer\Application Data\skypePM
2009-08-11 11:53 . 2009-04-22 20:23 -------- d-----w- d:\documents and settings\drummer\Application Data\Hamachi
2009-08-11 02:18 . 2009-06-18 15:44 -------- d-----w- d:\program files\LogMeIn
2009-08-11 01:40 . 2009-06-18 13:30 -------- d-----w- d:\program files\SpeedFan
2009-08-11 00:45 . 2009-05-08 07:33 -------- d-----w- d:\documents and settings\drummer\Application Data\Audacity
2009-08-10 13:39 . 2009-08-10 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\MAGIX
2009-08-10 13:35 . 2009-04-18 09:53 36424 ----a-w- d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 13:30 . 2009-04-18 17:21 -------- d-----w- d:\documents and settings\drummer\Application Data\uTorrent
2009-08-01 17:40 . 2009-05-13 20:41 -------- d-----w- d:\documents and settings\drummer\Application Data\gtk-2.0
2009-07-30 20:54 . 2009-04-18 09:40 -------- d-----w- d:\program files\Launch Manager
2009-07-27 18:31 . 2009-06-30 13:45 -------- d-----w- d:\documents and settings\drummer\Application Data\LimeWire
2009-07-27 10:25 . 2009-07-27 10:25 -------- d-----w- d:\program files\IVT Corporation
2009-07-27 10:25 . 2009-04-18 09:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-23 13:06 . 2009-04-22 20:23 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-07-20 12:33 . 2009-04-18 22:15 -------- d-----w- d:\documents and settings\drummer\Application Data\BSplayer
2009-07-14 18:01 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
2009-07-09 14:50 . 2009-04-18 22:15 -------- d-----w- d:\program files\BS_Player
2009-07-09 12:50 . 2009-07-09 12:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2009-07-09 11:24 . 2001-08-23 19:00 4224 ----a-w- d:\windows\system32\drivers\beep.sys
2009-07-05 11:20 . 2009-04-26 13:38 -------- d-----w- d:\program files\Google
2009-07-02 10:20 . 2009-06-27 14:54 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQ
2009-06-30 13:44 . 2009-06-30 13:44 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-06-30 13:44 . 2009-06-30 13:44 -------- d-----w- d:\program files\Java
2009-06-30 13:44 . 2009-06-30 13:44 152576 ----a-w- d:\documents and settings\drummer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 01:22 . 2009-06-26 17:58 -------- d-----w- d:\program files\ICQ6Toolbar
2009-06-27 17:42 . 2009-06-27 17:42 -------- d-----w- d:\documents and settings\drummer\Application Data\DivX
2009-06-27 15:35 . 2009-06-27 15:32 -------- d-----w- d:\program files\ICQ6.5
2009-06-27 15:34 . 2009-06-26 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-06-27 15:33 . 2009-06-27 14:53 -------- d-----w- d:\program files\ICQ6
2009-06-27 14:39 . 2009-06-26 23:17 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQLite
2009-06-18 15:44 . 2009-06-18 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-06-17 20:57 . 2009-06-17 20:57 -------- d-----w- d:\program files\Atheros
2009-06-17 20:57 . 2009-04-25 14:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:12 . 2009-05-21 19:12 78376 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-21 19:02 . 2009-05-21 18:55 52770576 ----a-w- d:\documents and settings\drummer\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 11:20 . 2009-07-05 11:20 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\MSHTML.DLL
[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-10_18.35.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-11 11:52 . 2009-08-11 11:52 16384 d:\windows\Temp\Perflib_Perfdata_780.dat
+ 2009-08-11 11:52 . 2009-08-11 11:52 16384 d:\windows\Temp\Perflib_Perfdata_2ec.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 66778 d:\windows\system32\perfc009.dat
+ 2001-08-23 19:00 . 2009-08-11 11:56 66778 d:\windows\system32\perfc009.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2001-08-23 19:00 . 2009-08-11 11:56 428160 d:\windows\system32\perfh009.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 428160 d:\windows\system32\perfh009.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-05-21 06:25 2094616 ----a-w- d:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Google Update"="d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"ALLUpdate"="e:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-05 30192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2009-7-23 625952]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-7-27 1183744]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-17 114688]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- d:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Worms 4 Mayhem\\Worms 4 - Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\worms\\WWP\\wwp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 19:58 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [18.6.2009 17:44 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [27.4.2009 18:38 33792]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.7.2009 13:20 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [19.7.2009 17:23 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003Core.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]

2009-08-11 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003UA.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-11 20:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
d:\windows\system32\LMIinit.dll
.
Completion time: 2009-08-11 20:45
ComboFix-quarantined-files.txt 2009-08-11 18:45
ComboFix2.txt 2009-08-10 21:36
ComboFix3.txt 2009-08-10 18:38
ComboFix4.txt 2009-04-26 20:50

Pre-Run: 2.086.400.000 bytes free
Post-Run: 2.027.507.712 bytes free


Update: 11 Aug 2009 21:17

Is it OK now?? :D

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

What is the situation now?

Korisnici trenutno na forumu: alkatraz080, armor, arzak, Atomski čoban, b_z_b, bojank, bojcistv, Boter, dragoljub11987, Duh sa sekirom, dule10savic, Dulmitur, famoso, FileFinder, Frunze, goflja76, goran.vvv, Griffon vulture, ikan, indja, ivan979, JOntra, krlebgd77, kunktator, kybonacci, ladro, Leonov, M1los, Mahovljani, Marko Marković, mercedesamg, mgolub, milos.cbr, mkukoleca, Mlav, mnn2, moldway, mrvica78, Nobunaga, nobutado, nuke92, opt1, Oscar, pacika, Panter, Paor, pceklic, pein, peruni, powSrb, Profica, proka89, Rabit, Ravac, raykan, RJ, RobinHood12, rodoljub, sajkaca, slonic_tonic, solic, Stoilkovic, strn, Stuka76, tmanda323, tubular, upitnik, vaso1, VJ, Vlad000, W123, ween, Zoca