[ lukas19 @ 06.01.2010. 18:50 ] @
I have a problem with a virus that I can't remove. I tried to remove it with tools like "Dr.Web CureIt", Malwarebytes' Anti-Malware, avast-home, combofix, but nothing.... Does anyone have a solution? Below I have attached the log files from combofix and HijackThis.

ComboFix 10-01-04.01 - Administrator 01/06/2010 7:38.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1504 [GMT 1:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\users\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://au.download.j+|Cv+@J:NGD_DQ{zcxLJS@
c:\windows\system32\logonui.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------

[-] 2009-03-08 . FF267FF1D773BEA5522295E3A79701E9 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-03-08 . 3D1ABDC3009D6B7CA7F9E66769C126CA . 568832 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2009-03-08 . EA032FC150B9C6276C98EB3DED3B75C6 . 652800 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2009-03-08 . 99C1ACB1B8F0F2CECC56515E502B5120 . 575488 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2009-03-08 . E1F5F729264C8AF1D6A95ECD1C8086DD . 1723904 . . [6.00.2900.5634] . . c:\windows\explorer.exe
[-] 2009-03-08 . CBF5945651C96E471B3A004BBDC36864 . 37376 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2009-03-08 09:09 37376 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [1/5/2010 4:16 AM 54752]
S0 ahci6xx;ahci6xx;c:\windows\system32\drivers\ahci6xx.sys [3/8/2009 10:36 AM 123392]
S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [3/8/2009 10:36 AM 9096]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\windows\Temp\RarSFX1\kerneld.wnt --> c:\windows\Temp\RarSFX1\kerneld.wnt [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/22/2005 9:01 PM 2799808]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 10:36]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Administrator\Application Data\Mozilla\Firefox\Profiles\2qiyfclt.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.rs
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 07:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\windows\Temp\RarSFX1\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1088)
c:\windows\system32\wdigest.dll
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2010-01-06 07:41:58
ComboFix-quarantined-files.txt 2010-01-06 06:41
ComboFix2.txt 2010-01-06 04:19

Pre-Run: 11,207,720,960 bytes free
Post-Run: 11,206,823,936 bytes free

- - End Of File - - BA60CBF4F693563A0452A9C42A2447F0

---------------------------------------------------------------------------------------------------------------------------------------
***********************************************************************************************************

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:49:06, on 1/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21148)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Users\Administrator\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

-- End of file - 3609 bytes