ComboFix 10-01-04.01 - ArenaN1 01/08/2010 11:59:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1659 [GMT 1:00]
Running from: E:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.
2010-01-08 10:44 . 2010-01-08 10:44 -------- d-----w- c:\program files\CCleaner
2010-01-08 10:43 . 2010-01-08 10:43 -------- d-----w- C:\ttcmd
2010-01-08 10:15 . 2010-01-08 10:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-01-08 10:03 . 2010-01-08 10:03 388096 ----a-r- c:\documents and settings\ArenaN1\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-08 10:03 . 2010-01-08 10:03 -------- d-----w- c:\program files\TrendMicro
2010-01-08 09:59 . 2010-01-08 09:59 -------- d--h--w- c:\windows\$hf_mig$
2010-01-08 09:59 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-08 09:58 . 2010-01-08 09:59 -------- d-----w- c:\documents and settings\ArenaN1\DoctorWeb
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 09:49 . 2009-04-03 22:04 67720 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-08 09:45 . 2009-03-15 01:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-05 15:57 . 2009-03-27 11:10 138920 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-05 15:57 . 2009-03-27 11:09 189072 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-12-28 17:14 . 2009-04-04 10:02 -------- d-----w- c:\documents and settings\ArenaN1\Application Data\Skype
2009-12-27 17:50 . 2009-03-14 15:09 -------- d-----w- c:\program files\Garena
2009-12-20 19:11 . 2009-03-14 22:39 -------- d-----w- c:\documents and settings\ArenaN1\Application Data\DAEMON Tools
2009-11-17 13:02 . 2009-11-17 13:02 -------- d-----w- c:\program files\Common Files\DirectX
2009-11-17 13:01 . 2009-03-14 22:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-17 13:01 . 2009-03-14 22:30 -------- d-----w- c:\program files\AGEIA Technologies
2009-11-17 13:00 . 2009-11-17 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Divinity 2
2009-11-11 09:58 . 2009-03-14 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 1 (0x1)
"DisableLockWorkstation"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 1 (0x1)
"NoBandCustomize"= 1 (0x1)
"NoLogoff"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CCP Client\\CCPClient.exe"=
"c:\\PROGRA~1\\CCPCLI~1\\ccpclient.exe"=
"e:\\games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\games\\Call of Duty - World at War\\CoDWaWmp.exe"=
"e:\\games\\Call of Duty - World at War\\CoDWaW.exe"=
"e:\\games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\games\\Pro Evolution Soccer 2010\\pes2010.exe"=
"e:\\games\\Football Manager 2010\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6218:TCP"= 6218:TCP:xdbdn
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/14/2009 11:37 PM 717296]
S2 thijb;Time Security;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 12:56 AM 14336]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ArenaN1\LOCALS~1\Temp\OZC23.tmp --> c:\docume~1\ArenaN1\LOCALS~1\Temp\OZC23.tmp [?]
S4 LFUM;LFUM;c:\docume~1\ArenaN1\LOCALS~1\Temp\LFUM.exe --> c:\docume~1\ArenaN1\LOCALS~1\Temp\LFUM.exe [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - PROCEXP111
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
klkqafnp
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
TCP: {EB3F7FF0-84FF-4C1E-8ACB-E03FE85C97AD} = 192.168.0.154
FF - ProfilePath - c:\documents and settings\ArenaN1\Application Data\Mozilla\Firefox\Profiles\czbpbbq1.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 12:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ArenaN1\LOCALS~1\Temp\OZC23.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\thijb]
"ServiceDll"="c:\windows\system32\ylinyfy.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\antiwpa.dll
- - - - - - - > 'explorer.exe'(3624)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-08 12:01:14
ComboFix-quarantined-files.txt 2010-01-08 11:01
ComboFix2.txt 2010-01-08 10:54
ComboFix3.txt 2010-01-08 10:34
Pre-Run: 461,541,376 bytes free
Post-Run: 450,703,360 bytes free
- - End Of File - - 92BB4F888B645489271C58B185982DC0
I have already deleted ylinyfy.dll, but I still can't get to any websites...
Stupidity is indestructible. A fool cannot be messed with.
Stupidity is permanent; ignorance can be fixed.