[ zrachko @ 08.01.2010. 11:09 ] @
Combofix log:

Code:
ComboFix 10-01-04.01 - ArenaN1 01/08/2010 11:59:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1659 [GMT 1:00]
Running from: E:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.
2010-01-08 10:44 . 2010-01-08 10:44 -------- d-----w- c:\program files\CCleaner
2010-01-08 10:43 . 2010-01-08 10:43 -------- d-----w- C:\ttcmd
2010-01-08 10:15 . 2010-01-08 10:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-08 10:03 . 2010-01-08 10:03 388096 ----a-r- c:\documents and settings\ArenaN1\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-08 10:03 . 2010-01-08 10:03 -------- d-----w- c:\program files\TrendMicro
2010-01-08 09:59 . 2010-01-08 09:59 -------- d--h--w- c:\windows\$hf_mig$
2010-01-08 09:59 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-08 09:58 . 2010-01-08 09:59 -------- d-----w- c:\documents and settings\ArenaN1\DoctorWeb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 09:49 . 2009-04-03 22:04 67720 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-08 09:45 . 2009-03-15 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-05 15:57 . 2009-03-27 11:10 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-05 15:57 . 2009-03-27 11:09 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-28 17:14 . 2009-04-04 10:02 -------- d-----w- c:\documents and settings\ArenaN1\Application Data\Skype
2009-12-27 17:50 . 2009-03-14 15:09 -------- d-----w- c:\program files\Garena
2009-12-20 19:11 . 2009-03-14 22:39 -------- d-----w- c:\documents and settings\ArenaN1\Application Data\DAEMON Tools
2009-11-17 13:02 . 2009-11-17 13:02 -------- d-----w- c:\program files\Common Files\DirectX
2009-11-17 13:01 . 2009-03-14 22:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 13:01 . 2009-03-14 22:30 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-17 13:00 . 2009-11-17 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Divinity 2
2009-11-11 09:58 . 2009-03-14 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
"NoBandCustomize"= 1 (0x1)
"NoLogoff"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CCP Client\\CCPClient.exe"=
"c:\\PROGRA~1\\CCPCLI~1\\ccpclient.exe"=
"e:\\games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\games\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\games\\Pro Evolution Soccer 2010\\pes2010.exe"=
"e:\\games\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6218:TCP"= 6218:TCP:xdbdn

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2009 11:37 PM 717296]
S2 thijb;Time Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ArenaN1\LOCALS~1\Temp\OZC23.tmp --> c:\docume~1\ArenaN1\LOCALS~1\Temp\OZC23.tmp [?]
S4 LFUM;LFUM;c:\docume~1\ArenaN1\LOCALS~1\Temp\LFUM.exe --> c:\docume~1\ArenaN1\LOCALS~1\Temp\LFUM.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP111

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
klkqafnp
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {EB3F7FF0-84FF-4C1E-8ACB-E03FE85C97AD} = 192.168.0.154
FF - ProfilePath - c:\documents and settings\ArenaN1\Application Data\Mozilla\Firefox\Profiles\czbpbbq1.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 12:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ArenaN1\LOCALS~1\Temp\OZC23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\thijb]
"ServiceDll"="c:\windows\system32\ylinyfy.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\antiwpa.dll
- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-08 12:01:14
ComboFix-quarantined-files.txt 2010-01-08 11:01
ComboFix2.txt 2010-01-08 10:54
ComboFix3.txt 2010-01-08 10:34
Pre-Run: 461,541,376 bytes free
Post-Run: 450,703,360 bytes free
- - End Of File - - 92BB4F888B645489271C58B185982DC0

I already deleted ylinyfy.dll myself, but I still can't get to any websites...