Geeks To Go forum
Winfixer, trojandownloader.xs, trojanC.sbi



#1 Katarina Bader (New Member, 1 posts)
ComboFix result:

ComboFix 08-04-24.1 - Korisnik 2008-04-25 21:04:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.167 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\#SharedObjects\7LRNJ4XH\www.broadcaster.com
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Korisnik\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\LocalService\Application Data\WinIFixer.com
C:\WINDOWS\PerfInfo
C:\WINDOWS\SW_Win2000X5.DLL
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\CbEvtSvc.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\Web\def.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_CBEVTSVC
-------\Legacy_NPF
-------\Service_6to4
-------\Service_CbEvtSvc
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-25 19:02 . 2008-04-25 19:02 <DIR> d-------- C:\Program Files\ESET
2008-04-25 19:02 . 2008-04-25 19:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-25 18:22 . 2008-04-25 18:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-25 18:22 . 2008-04-25 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-25 18:21 . 2008-04-25 18:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 17:54 . 2008-04-25 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-25 16:37 . 2008-04-25 16:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 16:37 . 2008-04-25 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-25 14:09 . 2008-04-25 14:17 <DIR> d-------- C:\Program Files\Win_Performance
2008-04-25 13:32 . 2008-04-25 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nqjinszi
2008-04-25 13:32 . 2008-04-25 13:32 75,264 --a------ C:\Documents and Settings\All Users\Application Data\gxglenen.dll
2008-04-24 19:06 . 2008-04-24 19:07 <DIR> d-------- C:\Program Files\Macromedia
2008-04-24 19:06 . 2008-04-24 19:08 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-04-23 10:21 . 2008-04-24 04:57 151,552 --a------ C:\Documents and Settings\LocalService\Application Data\869715802.exe
2008-04-21 21:45 . 2008-04-24 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
2008-04-21 21:44 . 2008-04-21 21:44 <DIR> d-------- C:\Program Files\Micro Niche Finder
2008-04-21 20:06 . 2008-04-21 20:06 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-04-21 20:06 . 2008-04-21 20:06 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-04-21 11:51 . 2008-04-21 11:51 147,456 --a------ C:\Documents and Settings\LocalService\Application Data\907608617.exe
2008-04-20 20:12 . 2008-04-20 20:12 245,760 --a------ C:\WINDOWS\system32\vshost.exe
2008-04-20 20:12 . 2008-01-03 19:04 237,568 --a------ C:\WINDOWS\system32\vtempfile.exe
2008-04-20 20:12 . 2008-01-03 19:04 225,280 --a------ C:\WINDOWS\system32\winsmss.exe
2008-04-20 20:10 . 2008-04-20 20:20 <DIR> d-------- C:\Program Files\SpecialOperationsSoftware
2008-04-20 10:23 . 2008-04-23 19:06 578 --a------ C:\WINDOWS\index.html
2008-04-20 10:22 . 2008-04-20 10:22 151,552 --a------ C:\Documents and Settings\LocalService\Application Data\951192718.exe
2008-04-19 18:17 . 2008-04-19 18:18 <DIR> d-------- C:\Program Files\QuickTime
2008-04-19 18:16 . 2008-04-19 18:16 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-19 18:16 . 2008-04-19 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-14 13:26 . 2008-04-14 13:27 1,048,587 --a------ C:\123
2008-04-12 15:57 . 2008-04-12 15:57 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-12 15:57 . 2008-04-12 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-04-12 09:16 . 2008-04-12 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-10 02:01 . 2008-04-10 02:07 <DIR> d-------- C:\Program Files\SEO Elite 4
2008-04-03 21:33 . 2007-12-24 20:51 <DIR> d-------- C:\Program Files\Where Is It_-_v3.90_Full[labud]
2008-04-03 08:51 . 2008-04-03 08:51 <DIR> d-------- C:\Program Files\GPLGS
2008-04-03 08:50 . 2008-04-03 08:50 <DIR> d-------- C:\Program Files\Acro Software
2008-04-03 08:50 . 2007-07-12 22:33 87,552 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 19:12 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Skype
2008-04-25 14:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-25 13:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-23 20:32 --------- d-----w C:\Program Files\Ad Word Analyzer
2008-04-15 16:42 304,160 ----a-w C:\StiImg.dat
2008-04-12 13:55 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-12 09:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-04-02 17:56 5,064,168 ----a-w C:\Program Files\Where_Is_It_-_v3.90_Full_labud_.rar
2008-03-28 18:27 --------- d-----w C:\Program Files\Java
2008-03-26 15:36 --------- d-----w C:\Program Files\PQDVD
2008-03-24 20:19 --------- d-----w C:\Program Files\TextPad 5
2008-03-24 20:19 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Helios
2008-03-23 17:43 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\TypingMaster7
2008-03-20 12:10 --------- d-----w C:\Program Files\Real Link Finder
2008-03-13 21:47 --------- d-----w C:\Program Files\Conference
2008-03-04 02:50 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Move Networks
2008-03-02 21:48 --------- d-----w C:\Program Files\AdSenseTrackerUpdate2.2
2008-03-01 15:23 --------- d-----w C:\Program Files\DC++
2008-02-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-28 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-02-28 18:39 --------- d-----w C:\Program Files\TechSmith
2008-02-28 18:39 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-01-26 16:45 434,688 ----a-w C:\WINDOWS\system32\ss2uinst.exe
2007-06-11 23:39 65,904 ----a-w C:\Documents and Settings\Korisnik\Application Data\GDIPFONTCACHEV1.DAT
2007-05-10 15:46 1,163,592 ----a-w C:\Program Files\install_flash_player.exe
2007-06-13 21:18 80 --sh--r C:\WINDOWS\system32\2E7B46D71B.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5ce97466-1dd2-11b2-bf9a-c8a2fa743965}]
2008-04-25 13:32 75264 --a------ C:\WINDOWS\ngzapqvo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8799A9A8-3075-44CD-86B8-AD78BF022E3B}]
C:\WINDOWS\system32\pmnno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{baa4966c-c1a2-4883-8aab-d6fd0f13d11d}]
C:\WINDOWS\system32\krxuthys.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-BBBB-4146-86FD-A722E8AB3489}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"Mp4 Player"="C:\Program Files\Mp4 Player\Mp4Player.exe" [ ]
"knicxixx"="C:\WINDOWS\system32\noxqpatq.exe" [2008-04-25 13:32 110592]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"tcomantidialerrun"="C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 01:07 61440]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 16:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"109cc8a6"="C:\WINDOWS\system32\dipwenhr.dll" [ ]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 20:30 97357]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 15:05 1410304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\
VistaMessage.exe [2007-12-19 20:35:50 585728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebProxy"= {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.CSCD"= camcodec.dll
"MSVideo"= CSvidcap.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\BlazeFtp\\BlazeFtp.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\Micro Niche Finder\\microniche.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 15:06]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 winsmss;Windows Session Manager Services;C:\WINDOWS\system32\winsmss.exe [2008-01-03 19:04]
R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 20:56]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cf090f7-51e8-11db-8856-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{66186F05-BBBB-4a39-864F-72D84615C679}]
rundll32 sockins32.dll,InitModule
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 21:12:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\VistaMessage.exe
C:\WINDOWS\system32\vshost.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-25 21:14:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-25 19:14:48

Pre-Run: 3,584,892,928 bytes free
Post-Run: 4,291,956,736 bytes free

===================================================



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:44, on 25.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CbEvtSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vshost.exe
C:\WINDOWS\system32\winsmss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\noxqpatq.exe
C:\Documents and Settings\Korisnik\Start Menu\Programs\Startup\VistaMessage.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Korisnik\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ce97466-1dd2-11b2-bf9a-c8a2fa743965} - C:\WINDOWS\ngzapqvo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8799A9A8-3075-44CD-86B8-AD78BF022E3B} - C:\WINDOWS\system32\pmnno.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: {d11d31f0-df6d-baa8-3884-2a1cc6694aab} - {baa4966c-c1a2-4883-8aab-d6fd0f13d11d} - C:\WINDOWS\system32\krxuthys.dll (file missing)
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [tcomantidialerrun] C:\Program Files\T-Com Antidialer\T-Com Antidialer.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [109cc8a6] rundll32.exe "C:\WINDOWS\system32\dipwenhr.dll",b
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinIFixer] C:\Program Files\WinIFixer\WinIFixer.exe
O4 - HKLM\..\Run: [gxglenen] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gxglenen.dll"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Mp4 Player] "C:\Program Files\Mp4 Player\Mp4Player.exe" hmw
O4 - HKCU\..\Run: [knicxixx] C:\WINDOWS\system32\noxqpatq.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VistaMessage.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.softpedia.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9512 bytes
==================================
Kaspersky log

C:\WINDOWS\system32\winsmss.exe Infected: Trojan-Downloader.MSIL.Agent.q skipped
=============
NOD32 - 0 infected files

Attached Thumbnails

  • 4.JPG
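The HijackThis and ComboFix output above is the raw material a helper works through by hand: O2 browser helper objects, O4 Run keys, the O21 SSODL entry and O23 services. The Python script below is an added example, not part of the original post and not code from HijackThis or ComboFix; it applies the triage rules a helper would use to a handful of lines copied from the HijackThis log above. It flags registrations marked "(file missing)", BHOs with no name, Run keys that go through rundll32 or regsvr32 (regsvr32 /u still loads the DLL and executes its DllUnregisterServer export, so it works as a loader), executables and value names that look machine-generated under %WINDIR%, and services with no publisher running from the Windows directory. The 8-letter/hex name heuristic and its vowel threshold are assumptions tuned to the names in this log; every hit is a candidate for review, not a verdict.

```python
"""Triage HijackThis-style autostart lines (O2/O4/O21/O23) for entries that
deserve a closer look. Added example, not part of HijackThis or ComboFix.
Every rule is a heuristic: a hit is a candidate for review, not a verdict."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log above, mixing
# legitimate entries (Adobe, Java, ctfmon, ESET) with the suspicious ones.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5ce97466-1dd2-11b2-bf9a-c8a2fa743965} - C:\WINDOWS\ngzapqvo.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-BBBB-4146-86FD-A722E8AB3489} - sockins32.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [109cc8a6] rundll32.exe "C:\WINDOWS\system32\dipwenhr.dll",b
O4 - HKLM\..\Run: [gxglenen] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gxglenen.dll"
O4 - HKCU\..\Run: [knicxixx] C:\WINDOWS\system32\noxqpatq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WebProxy - {66186F05-BBBB-4a39-864F-72D84615C679} - sockins32.dll (file missing)
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: .*? - \{[^}]+\} - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: .*? - (?P<owner>.*?) - (?P<path>.*)$")
LOADER_RE = re.compile(r"^(?P<tool>rundll32|regsvr32)(?:\.exe)?\s+(?P<args>.*)$", re.I)
WINDIR_RE = re.compile(r"[A-Z]:\\WINDOWS\\", re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def looks_machine_generated(name: str) -> bool:
    """Weak signal tuned to this log (an assumption, not a rule): 8 lowercase
    letters with at most two vowels (noxqpatq, ngzapqvo) or an 8-char hex
    token (109cc8a6). winlogon/services/explorer all have 3+ vowels."""
    if re.fullmatch(r"[0-9a-f]{8}", name) and re.search(r"\d", name):
        return True
    return bool(re.fullmatch(r"[a-z]{8}", name)) and sum(c in "aeiou" for c in name) <= 2


def stem(path: str) -> str:
    """'C:\\WINDOWS\\system32\\noxqpatq.exe' -> 'noxqpatq'."""
    base = path.strip().strip('"').rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0].lower()


def first_path(cmd: str) -> str:
    """Executable path at the start of a Run value, quoted or not."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll|scr|cpl|com))', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def triage(log_text: str) -> list:
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        reasons = []
        if "(file missing)" in line:
            reasons.append("registered component whose file is gone (orphaned loader)")
        if m := O2_RE.match(line):
            if m["name"] == "(no name)":
                reasons.append("BHO registered without a name")
            if WINDIR_RE.search(m["path"]) and looks_machine_generated(stem(m["path"])):
                reasons.append("BHO DLL with machine-generated name under %WINDIR%")
        elif m := O4_RE.match(line):
            if looks_machine_generated(m["value"].lower()):
                reasons.append("Run value name looks machine-generated")
            if lm := LOADER_RE.match(m["cmd"]):
                dll = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', lm["args"], re.I)
                target = (dll.group(1) or dll.group(2)) if dll else lm["args"]
                reasons.append(f"Run key loads a DLL via {lm['tool'].lower()}: {target}")
                if "/u" in lm["args"].split():
                    reasons.append("regsvr32 /u still loads the DLL and runs DllUnregisterServer; "
                                   "at logon that is a loader, not an uninstall")
            else:
                path = first_path(m["cmd"])
                if WINDIR_RE.search(path) and looks_machine_generated(stem(path)):
                    reasons.append("Run key executable with machine-generated name under %WINDIR%")
        elif m := O21_RE.match(line):
            if not re.match(r"[A-Z]:\\", m["path"], re.I):
                reasons.append("SSODL DLL given as bare filename (resolved via search path)")
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner" and WINDIR_RE.search(m["path"]):
                reasons.append("service with no publisher running from %WINDIR%")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run as-is it prints the seven flagged sample lines with their reasons and stays silent on the Adobe, Java, ctfmon and ESET entries; pass a whole HijackThis log to `triage()` to work through another machine. Legitimate entries can still trip the loader rule (the `RunDll32 cmicnfg.cpl` C-Media line on this page would), which is why the script reports reasons for a human to weigh rather than deciding on its own.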
